]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for Unconfigured Index Removed events
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
e70bb2e8
JH		 92};
93
94static const u16 mgmt_events[] = {
95 MGMT_EV_CONTROLLER_ERROR,
96 MGMT_EV_INDEX_ADDED,
97 MGMT_EV_INDEX_REMOVED,
98 MGMT_EV_NEW_SETTINGS,
99 MGMT_EV_CLASS_OF_DEV_CHANGED,
100 MGMT_EV_LOCAL_NAME_CHANGED,
101 MGMT_EV_NEW_LINK_KEY,
102 MGMT_EV_NEW_LONG_TERM_KEY,
103 MGMT_EV_DEVICE_CONNECTED,
104 MGMT_EV_DEVICE_DISCONNECTED,
105 MGMT_EV_CONNECT_FAILED,
106 MGMT_EV_PIN_CODE_REQUEST,
107 MGMT_EV_USER_CONFIRM_REQUEST,
108 MGMT_EV_USER_PASSKEY_REQUEST,
109 MGMT_EV_AUTH_FAILED,
110 MGMT_EV_DEVICE_FOUND,
111 MGMT_EV_DISCOVERING,
112 MGMT_EV_DEVICE_BLOCKED,
113 MGMT_EV_DEVICE_UNBLOCKED,
114 MGMT_EV_DEVICE_UNPAIRED,
92a25256 115 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 116 MGMT_EV_NEW_IRK,
7ee4ea36 117 MGMT_EV_NEW_CSRK,
8afef092
MH		 118 MGMT_EV_DEVICE_ADDED,
119 MGMT_EV_DEVICE_REMOVED,
ffb5a827 120 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 121 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 122 MGMT_EV_UNCONF_INDEX_REMOVED,
e70bb2e8
JH		 123};
124
17b02e62 125#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 126
4b34ee78
JH		 127#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
128 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
129
eec8d2bc
JH		 130struct pending_cmd {
131 struct list_head list;
fc2f4b13 132 u16 opcode;
eec8d2bc 133 int index;
c68fb7ff 134 void *param;
eec8d2bc 135 struct sock *sk;
e9a416b5 136 void *user_data;
eec8d2bc
JH		 137};
138
ca69b795
JH		 139/* HCI to MGMT error code conversion table */
140static u8 mgmt_status_table[] = {
141 MGMT_STATUS_SUCCESS,
142 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
143 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
144 MGMT_STATUS_FAILED, /* Hardware Failure */
145 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
146 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 147 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 148 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
149 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
150 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
151 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
152 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
153 MGMT_STATUS_BUSY, /* Command Disallowed */
154 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
155 MGMT_STATUS_REJECTED, /* Rejected Security */
156 MGMT_STATUS_REJECTED, /* Rejected Personal */
157 MGMT_STATUS_TIMEOUT, /* Host Timeout */
158 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
160 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
161 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
162 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
163 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
164 MGMT_STATUS_BUSY, /* Repeated Attempts */
165 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
166 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
168 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
169 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
170 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
171 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
172 MGMT_STATUS_FAILED, /* Unspecified Error */
173 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
174 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
175 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
176 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
177 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
178 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
179 MGMT_STATUS_FAILED, /* Unit Link Key Used */
180 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
181 MGMT_STATUS_TIMEOUT, /* Instant Passed */
182 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
183 MGMT_STATUS_FAILED, /* Transaction Collision */
184 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
185 MGMT_STATUS_REJECTED, /* QoS Rejected */
186 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
187 MGMT_STATUS_REJECTED, /* Insufficient Security */
188 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
189 MGMT_STATUS_BUSY, /* Role Switch Pending */
190 MGMT_STATUS_FAILED, /* Slot Violation */
191 MGMT_STATUS_FAILED, /* Role Switch Failed */
192 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
193 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
194 MGMT_STATUS_BUSY, /* Host Busy Pairing */
195 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
196 MGMT_STATUS_BUSY, /* Controller Busy */
197 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
198 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
199 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
200 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
201 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
202};
203
204static u8 mgmt_status(u8 hci_status)
205{
206 if (hci_status < ARRAY_SIZE(mgmt_status_table))
207 return mgmt_status_table[hci_status];
208
209 return MGMT_STATUS_FAILED;
210}
211
4e51eae9 212static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 213{
214 struct sk_buff *skb;
215 struct mgmt_hdr *hdr;
216 struct mgmt_ev_cmd_status *ev;
56b7d137 217 int err;
f7b64e69 218
34eb525c 219 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 220
790eff44 221 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 222 if (!skb)
223 return -ENOMEM;
224
225 hdr = (void *) skb_put(skb, sizeof(*hdr));
226
dcf4adbf 227 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 228 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 229 hdr->len = cpu_to_le16(sizeof(*ev));
230
231 ev = (void *) skb_put(skb, sizeof(*ev));
232 ev->status = status;
eb55ef07 233 ev->opcode = cpu_to_le16(cmd);
f7b64e69 234
56b7d137
GP		 235 err = sock_queue_rcv_skb(sk, skb);
236 if (err < 0)
f7b64e69
JH		 237 kfree_skb(skb);
238
56b7d137 239 return err;
f7b64e69
JH		 240}
241
aee9b218 242static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 243 void *rp, size_t rp_len)
02d98129
JH		 244{
245 struct sk_buff *skb;
246 struct mgmt_hdr *hdr;
247 struct mgmt_ev_cmd_complete *ev;
56b7d137 248 int err;
02d98129
JH		 249
250 BT_DBG("sock %p", sk);
251
790eff44 252 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 253 if (!skb)
254 return -ENOMEM;
255
256 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 257
dcf4adbf 258 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 259 hdr->index = cpu_to_le16(index);
a38528f1 260 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 261
a38528f1 262 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 263 ev->opcode = cpu_to_le16(cmd);
aee9b218 264 ev->status = status;
8020c16a
SJ		 265
266 if (rp)
267 memcpy(ev->data, rp, rp_len);
02d98129 268
56b7d137
GP		 269 err = sock_queue_rcv_skb(sk, skb);
270 if (err < 0)
02d98129
JH		 271 kfree_skb(skb);
272
e5f0e151 273 return err;
02d98129
JH		 274}
275
04124681
GP		 276static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 u16 data_len)
a38528f1
JH		 278{
279 struct mgmt_rp_read_version rp;
280
281 BT_DBG("sock %p", sk);
282
283 rp.version = MGMT_VERSION;
dcf4adbf 284 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 285
aee9b218 286 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 287 sizeof(rp));
a38528f1
JH		 288}
289
04124681
GP		 290static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 u16 data_len)
e70bb2e8
JH		 292{
293 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 294 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
295 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 296 __le16 *opcode;
e70bb2e8
JH		 297 size_t rp_size;
298 int i, err;
299
300 BT_DBG("sock %p", sk);
301
302 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
303
304 rp = kmalloc(rp_size, GFP_KERNEL);
305 if (!rp)
306 return -ENOMEM;
307
dcf4adbf
JP		 308 rp->num_commands = cpu_to_le16(num_commands);
309 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 310
311 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
312 put_unaligned_le16(mgmt_commands[i], opcode);
313
314 for (i = 0; i < num_events; i++, opcode++)
315 put_unaligned_le16(mgmt_events[i], opcode);
316
aee9b218 317 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 318 rp_size);
e70bb2e8
JH		 319 kfree(rp);
320
321 return err;
322}
323
04124681
GP		 324static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 u16 data_len)
faba42eb 326{
faba42eb 327 struct mgmt_rp_read_index_list *rp;
8035ded4 328 struct hci_dev *d;
a38528f1 329 size_t rp_len;
faba42eb 330 u16 count;
476e44cb 331 int err;
faba42eb
JH		 332
333 BT_DBG("sock %p", sk);
334
335 read_lock(&hci_dev_list_lock);
336
337 count = 0;
bb4b2a9a 338 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 339 if (d->dev_type == HCI_BREDR)
340 count++;
faba42eb
JH		 341 }
342
a38528f1
JH		 343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
b2c60d42 346 read_unlock(&hci_dev_list_lock);
faba42eb 347 return -ENOMEM;
b2c60d42 348 }
faba42eb 349
476e44cb 350 count = 0;
8035ded4 351 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 352 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 353 continue;
354
0736cfa8
MH		 355 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
356 continue;
357
4a964404 358 if (test_bit(HCI_UNCONFIGURED, &d->dev_flags))
fee746b0
MH		 359 continue;
360
1514b892
MH		 361 if (d->dev_type == HCI_BREDR) {
362 rp->index[count++] = cpu_to_le16(d->id);
363 BT_DBG("Added hci%u", d->id);
364 }
faba42eb
JH		 365 }
366
476e44cb
JH		 367 rp->num_controllers = cpu_to_le16(count);
368 rp_len = sizeof(*rp) + (2 * count);
369
faba42eb
JH		 370 read_unlock(&hci_dev_list_lock);
371
aee9b218 372 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 373 rp_len);
faba42eb 374
a38528f1
JH		 375 kfree(rp);
376
377 return err;
faba42eb
JH		 378}
379
69ab39ea
JH		 380static u32 get_supported_settings(struct hci_dev *hdev)
381{
382 u32 settings = 0;
383
384 settings |= MGMT_SETTING_POWERED;
69ab39ea 385 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 386 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 387
ed3fa31f 388 if (lmp_bredr_capable(hdev)) {
33c525c0 389 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 390 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
391 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 392 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 393 settings |= MGMT_SETTING_BREDR;
394 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 395
396 if (lmp_ssp_capable(hdev)) {
397 settings |= MGMT_SETTING_SSP;
398 settings |= MGMT_SETTING_HS;
399 }
e98d2ce2 400
5afeac14 401 if (lmp_sc_capable(hdev) ||
111902f7 402 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 403 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 404 }
d7b7e796 405
eeca6f89 406 if (lmp_le_capable(hdev)) {
9d42820f 407 settings |= MGMT_SETTING_LE;
eeca6f89 408 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 409 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 410 }
69ab39ea
JH		 411
412 return settings;
413}
414
415static u32 get_current_settings(struct hci_dev *hdev)
416{
417 u32 settings = 0;
418
f1f0eb02 419 if (hdev_is_powered(hdev))
f0d4b78a
MH		 420 settings |= MGMT_SETTING_POWERED;
421
5e5282bb 422 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_CONNECTABLE;
424
1a4d3c4b
JH		 425 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
426 settings |= MGMT_SETTING_FAST_CONNECTABLE;
427
5e5282bb 428 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_DISCOVERABLE;
430
a8b2d5c2 431 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 432 settings |= MGMT_SETTING_PAIRABLE;
433
56f87901 434 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 435 settings |= MGMT_SETTING_BREDR;
436
06199cf8 437 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 438 settings |= MGMT_SETTING_LE;
439
47990ea0 440 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 441 settings |= MGMT_SETTING_LINK_SECURITY;
442
84bde9d6 443 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 444 settings |= MGMT_SETTING_SSP;
445
6d80dfd0
JH		 446 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
447 settings |= MGMT_SETTING_HS;
448
f3d3444a 449 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 450 settings |= MGMT_SETTING_ADVERTISING;
451
e98d2ce2
MH		 452 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
453 settings |= MGMT_SETTING_SECURE_CONN;
454
0663b297 455 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 456 settings |= MGMT_SETTING_DEBUG_KEYS;
457
0f4bd942
JH		 458 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
459 settings |= MGMT_SETTING_PRIVACY;
460
69ab39ea
JH		 461 return settings;
462}
463
ef580372
JH		 464#define PNP_INFO_SVCLASS_ID 0x1200
465
213202ed
JH		 466static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
467{
468 u8 *ptr = data, *uuids_start = NULL;
469 struct bt_uuid *uuid;
470
471 if (len < 4)
472 return ptr;
473
474 list_for_each_entry(uuid, &hdev->uuids, list) {
475 u16 uuid16;
476
477 if (uuid->size != 16)
478 continue;
479
480 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
481 if (uuid16 < 0x1100)
482 continue;
483
484 if (uuid16 == PNP_INFO_SVCLASS_ID)
485 continue;
486
487 if (!uuids_start) {
488 uuids_start = ptr;
489 uuids_start[0] = 1;
490 uuids_start[1] = EIR_UUID16_ALL;
491 ptr += 2;
492 }
493
494 /* Stop if not enough space to put next UUID */
495 if ((ptr - data) + sizeof(u16) > len) {
496 uuids_start[1] = EIR_UUID16_SOME;
497 break;
498 }
499
500 *ptr++ = (uuid16 & 0x00ff);
501 *ptr++ = (uuid16 & 0xff00) >> 8;
502 uuids_start[0] += sizeof(uuid16);
503 }
504
505 return ptr;
506}
507
cdf1963f
JH		 508static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
509{
510 u8 *ptr = data, *uuids_start = NULL;
511 struct bt_uuid *uuid;
512
513 if (len < 6)
514 return ptr;
515
516 list_for_each_entry(uuid, &hdev->uuids, list) {
517 if (uuid->size != 32)
518 continue;
519
520 if (!uuids_start) {
521 uuids_start = ptr;
522 uuids_start[0] = 1;
523 uuids_start[1] = EIR_UUID32_ALL;
524 ptr += 2;
525 }
526
527 /* Stop if not enough space to put next UUID */
528 if ((ptr - data) + sizeof(u32) > len) {
529 uuids_start[1] = EIR_UUID32_SOME;
530 break;
531 }
532
533 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
534 ptr += sizeof(u32);
535 uuids_start[0] += sizeof(u32);
536 }
537
538 return ptr;
539}
540
c00d575b
JH		 541static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
542{
543 u8 *ptr = data, *uuids_start = NULL;
544 struct bt_uuid *uuid;
545
546 if (len < 18)
547 return ptr;
548
549 list_for_each_entry(uuid, &hdev->uuids, list) {
550 if (uuid->size != 128)
551 continue;
552
553 if (!uuids_start) {
554 uuids_start = ptr;
555 uuids_start[0] = 1;
556 uuids_start[1] = EIR_UUID128_ALL;
557 ptr += 2;
558 }
559
560 /* Stop if not enough space to put next UUID */
561 if ((ptr - data) + 16 > len) {
562 uuids_start[1] = EIR_UUID128_SOME;
563 break;
564 }
565
566 memcpy(ptr, uuid->uuid, 16);
567 ptr += 16;
568 uuids_start[0] += 16;
569 }
570
571 return ptr;
572}
573
eb2a8d20
JH		 574static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
575{
576 struct pending_cmd *cmd;
577
578 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
579 if (cmd->opcode == opcode)
580 return cmd;
581 }
582
583 return NULL;
584}
585
95868426
JH		 586static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
587 struct hci_dev *hdev,
588 const void *data)
589{
590 struct pending_cmd *cmd;
591
592 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
593 if (cmd->user_data != data)
594 continue;
595 if (cmd->opcode == opcode)
596 return cmd;
597 }
598
599 return NULL;
600}
601
f14d8f64
MH		 602static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
603{
7a5f4990
MH		 604 u8 ad_len = 0;
605 size_t name_len;
606
607 name_len = strlen(hdev->dev_name);
608 if (name_len > 0) {
609 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
610
611 if (name_len > max_len) {
612 name_len = max_len;
613 ptr[1] = EIR_NAME_SHORT;
614 } else
615 ptr[1] = EIR_NAME_COMPLETE;
616
617 ptr[0] = name_len + 1;
618
619 memcpy(ptr + 2, hdev->dev_name, name_len);
620
621 ad_len += (name_len + 2);
622 ptr += (name_len + 2);
623 }
624
625 return ad_len;
f14d8f64
MH		 626}
627
628static void update_scan_rsp_data(struct hci_request *req)
629{
630 struct hci_dev *hdev = req->hdev;
631 struct hci_cp_le_set_scan_rsp_data cp;
632 u8 len;
633
7751ef1b 634 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 635 return;
636
637 memset(&cp, 0, sizeof(cp));
638
639 len = create_scan_rsp_data(hdev, cp.data);
640
eb438b5f
JH		 641 if (hdev->scan_rsp_data_len == len &&
642 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 643 return;
644
eb438b5f
JH		 645 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
646 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 647
648 cp.length = len;
649
650 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
651}
652
9a43e25f
JH		 653static u8 get_adv_discov_flags(struct hci_dev *hdev)
654{
655 struct pending_cmd *cmd;
656
657 /* If there's a pending mgmt command the flags will not yet have
658 * their final values, so check for this first.
659 */
660 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
661 if (cmd) {
662 struct mgmt_mode *cp = cmd->param;
663 if (cp->val == 0x01)
664 return LE_AD_GENERAL;
665 else if (cp->val == 0x02)
666 return LE_AD_LIMITED;
667 } else {
668 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
669 return LE_AD_LIMITED;
670 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
671 return LE_AD_GENERAL;
672 }
673
674 return 0;
675}
676
46cad2ed 677static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 678{
679 u8 ad_len = 0, flags = 0;
441ad2d0 680
9a43e25f 681 flags |= get_adv_discov_flags(hdev);
441ad2d0 682
e834004b 683 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 684 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 685
686 if (flags) {
687 BT_DBG("adv flags 0x%02x", flags);
688
689 ptr[0] = 2;
690 ptr[1] = EIR_FLAGS;
691 ptr[2] = flags;
692
693 ad_len += 3;
694 ptr += 3;
695 }
696
697 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
698 ptr[0] = 2;
699 ptr[1] = EIR_TX_POWER;
700 ptr[2] = (u8) hdev->adv_tx_power;
701
702 ad_len += 3;
703 ptr += 3;
704 }
705
441ad2d0
MH		 706 return ad_len;
707}
708
5947f4bc 709static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 710{
711 struct hci_dev *hdev = req->hdev;
712 struct hci_cp_le_set_adv_data cp;
713 u8 len;
714
10994ce6 715 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 716 return;
717
718 memset(&cp, 0, sizeof(cp));
719
46cad2ed 720 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 721
722 if (hdev->adv_data_len == len &&
723 memcmp(cp.data, hdev->adv_data, len) == 0)
724 return;
725
726 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
727 hdev->adv_data_len = len;
728
729 cp.length = len;
730
731 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
732}
733
ef580372
JH		 734static void create_eir(struct hci_dev *hdev, u8 *data)
735{
736 u8 *ptr = data;
ef580372
JH		 737 size_t name_len;
738
739 name_len = strlen(hdev->dev_name);
740
741 if (name_len > 0) {
742 /* EIR Data type */
743 if (name_len > 48) {
744 name_len = 48;
745 ptr[1] = EIR_NAME_SHORT;
746 } else
747 ptr[1] = EIR_NAME_COMPLETE;
748
749 /* EIR Data length */
750 ptr[0] = name_len + 1;
751
752 memcpy(ptr + 2, hdev->dev_name, name_len);
753
ef580372
JH		 754 ptr += (name_len + 2);
755 }
756
bbaf444a 757 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 758 ptr[0] = 2;
759 ptr[1] = EIR_TX_POWER;
760 ptr[2] = (u8) hdev->inq_tx_power;
761
91c4e9b1
MH		 762 ptr += 3;
763 }
764
2b9be137
MH		 765 if (hdev->devid_source > 0) {
766 ptr[0] = 9;
767 ptr[1] = EIR_DEVICE_ID;
768
769 put_unaligned_le16(hdev->devid_source, ptr + 2);
770 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
771 put_unaligned_le16(hdev->devid_product, ptr + 6);
772 put_unaligned_le16(hdev->devid_version, ptr + 8);
773
2b9be137
MH		 774 ptr += 10;
775 }
776
213202ed 777 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 778 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 779 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 780}
781
890ea898 782static void update_eir(struct hci_request *req)
ef580372 783{
890ea898 784 struct hci_dev *hdev = req->hdev;
ef580372
JH		 785 struct hci_cp_write_eir cp;
786
504c8dcd 787 if (!hdev_is_powered(hdev))
890ea898 788 return;
7770c4aa 789
976eb20e 790 if (!lmp_ext_inq_capable(hdev))
890ea898 791 return;
ef580372 792
84bde9d6 793 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 794 return;
ef580372 795
a8b2d5c2 796 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 797 return;
ef580372
JH		 798
799 memset(&cp, 0, sizeof(cp));
800
801 create_eir(hdev, cp.data);
802
803 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 804 return;
ef580372
JH		 805
806 memcpy(hdev->eir, cp.data, sizeof(cp.data));
807
890ea898 808 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 809}
810
811static u8 get_service_classes(struct hci_dev *hdev)
812{
813 struct bt_uuid *uuid;
814 u8 val = 0;
815
816 list_for_each_entry(uuid, &hdev->uuids, list)
817 val |= uuid->svc_hint;
818
819 return val;
820}
821
890ea898 822static void update_class(struct hci_request *req)
ef580372 823{
890ea898 824 struct hci_dev *hdev = req->hdev;
ef580372
JH		 825 u8 cod[3];
826
827 BT_DBG("%s", hdev->name);
828
504c8dcd 829 if (!hdev_is_powered(hdev))
890ea898 830 return;
7770c4aa 831
f87ea1da
JH		 832 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
833 return;
834
a8b2d5c2 835 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 836 return;
ef580372
JH		 837
838 cod[0] = hdev->minor_class;
839 cod[1] = hdev->major_class;
840 cod[2] = get_service_classes(hdev);
841
6acd7db4
MH		 842 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
843 cod[1] |= 0x20;
844
ef580372 845 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 846 return;
ef580372 847
890ea898 848 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 849}
850
a4858cb9 851static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 852{
853 struct pending_cmd *cmd;
199a2fb1
JH		 854
855 /* If there's a pending mgmt command the flag will not yet have
856 * it's final value, so check for this first.
857 */
858 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
859 if (cmd) {
860 struct mgmt_mode *cp = cmd->param;
a4858cb9 861 return cp->val;
199a2fb1
JH		 862 }
863
a4858cb9 864 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 865}
866
867static void enable_advertising(struct hci_request *req)
868{
869 struct hci_dev *hdev = req->hdev;
870 struct hci_cp_le_set_adv_param cp;
8f2a0601 871 u8 own_addr_type, enable = 0x01;
a4858cb9 872 bool connectable;
199a2fb1 873
8d97250e
JH		 874 /* Clear the HCI_ADVERTISING bit temporarily so that the
875 * hci_update_random_address knows that it's safe to go ahead
876 * and write a new random address. The flag will be set back on
877 * as soon as the SET_ADV_ENABLE HCI command completes.
878 */
879 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
880
a4858cb9 881 connectable = get_connectable(hdev);
8f2a0601 882
a4858cb9
JH		 883 /* Set require_privacy to true only when non-connectable
884 * advertising is used. In that case it is fine to use a
885 * non-resolvable private address.
886 */
887 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 888 return;
889
41c90c18 890 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 891 cp.min_interval = cpu_to_le16(0x0800);
892 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 893 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 894 cp.own_address_type = own_addr_type;
199a2fb1
JH		 895 cp.channel_map = hdev->le_adv_channel_map;
896
897 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
898
899 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
900}
901
902static void disable_advertising(struct hci_request *req)
903{
904 u8 enable = 0x00;
905
906 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
907}
908
7d78525d
JH		 909static void service_cache_off(struct work_struct *work)
910{
911 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 912 service_cache.work);
890ea898 913 struct hci_request req;
7d78525d 914
a8b2d5c2 915 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 916 return;
917
890ea898
JH		 918 hci_req_init(&req, hdev);
919
7d78525d
JH		 920 hci_dev_lock(hdev);
921
890ea898
JH		 922 update_eir(&req);
923 update_class(&req);
7d78525d
JH		 924
925 hci_dev_unlock(hdev);
890ea898
JH		 926
927 hci_req_run(&req, NULL);
7d78525d
JH		 928}
929
d6bfd59c
JH		 930static void rpa_expired(struct work_struct *work)
931{
932 struct hci_dev *hdev = container_of(work, struct hci_dev,
933 rpa_expired.work);
934 struct hci_request req;
935
936 BT_DBG("");
937
938 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
939
940 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
941 hci_conn_num(hdev, LE_LINK) > 0)
942 return;
943
944 /* The generation of a new RPA and programming it into the
945 * controller happens in the enable_advertising() function.
946 */
947
948 hci_req_init(&req, hdev);
949
950 disable_advertising(&req);
951 enable_advertising(&req);
952
953 hci_req_run(&req, NULL);
954}
955
6a919082 956static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 957{
4f87da80 958 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 959 return;
960
4f87da80 961 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 962 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 963
4f87da80
JH		 964 /* Non-mgmt controlled devices get this bit set
965 * implicitly so that pairing works for them, however
966 * for mgmt we require user-space to explicitly enable
967 * it
968 */
969 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 970}
971
0f4e68cf 972static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 973 void *data, u16 data_len)
0381101f 974{
a38528f1 975 struct mgmt_rp_read_info rp;
f7b64e69 976
bdb6d971 977 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 978
09fd0de5 979 hci_dev_lock(hdev);
f7b64e69 980
dc4fe30b
JH		 981 memset(&rp, 0, sizeof(rp));
982
69ab39ea 983 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 984
69ab39ea 985 rp.version = hdev->hci_ver;
eb55ef07 986 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 987
988 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
989 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 990
a38528f1 991 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 992
dc4fe30b 993 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 994 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 995
09fd0de5 996 hci_dev_unlock(hdev);
0381101f 997
bdb6d971 998 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 999 sizeof(rp));
0381101f
JH		 1000}
1001
eec8d2bc
JH		 1002static void mgmt_pending_free(struct pending_cmd *cmd)
1003{
1004 sock_put(cmd->sk);
c68fb7ff 1005 kfree(cmd->param);
eec8d2bc
JH		 1006 kfree(cmd);
1007}
1008
366a0336 1009static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1010 struct hci_dev *hdev, void *data,
1011 u16 len)
eec8d2bc
JH		 1012{
1013 struct pending_cmd *cmd;
1014
fca20018 1015 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1016 if (!cmd)
366a0336 1017 return NULL;
eec8d2bc
JH		 1018
1019 cmd->opcode = opcode;
2e58ef3e 1020 cmd->index = hdev->id;
eec8d2bc 1021
12b94565 1022 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1023 if (!cmd->param) {
eec8d2bc 1024 kfree(cmd);
366a0336 1025 return NULL;
eec8d2bc
JH		 1026 }
1027
8fce6357
SJ		 1028 if (data)
1029 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1030
1031 cmd->sk = sk;
1032 sock_hold(sk);
1033
2e58ef3e 1034 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1035
366a0336 1036 return cmd;
eec8d2bc
JH		 1037}
1038
744cf19e 1039static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1040 void (*cb)(struct pending_cmd *cmd,
1041 void *data),
04124681 1042 void *data)
eec8d2bc 1043{
a3d09356 1044 struct pending_cmd *cmd, *tmp;
eec8d2bc 1045
a3d09356 1046 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1047 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1048 continue;
1049
eec8d2bc
JH		 1050 cb(cmd, data);
1051 }
1052}
1053
a664b5bc 1054static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1055{
73f22f62
JH		 1056 list_del(&cmd->list);
1057 mgmt_pending_free(cmd);
1058}
1059
69ab39ea 1060static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1061{
69ab39ea 1062 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1063
aee9b218 1064 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1065 sizeof(settings));
8680570b
JH		 1066}
1067
8b064a3a
JH		 1068static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1069{
1070 BT_DBG("%s status 0x%02x", hdev->name, status);
1071
a3172b7e
JH		 1072 if (hci_conn_count(hdev) == 0) {
1073 cancel_delayed_work(&hdev->power_off);
8b064a3a 1074 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1075 }
8b064a3a
JH		 1076}
1077
21a60d30
JH		 1078static void hci_stop_discovery(struct hci_request *req)
1079{
1080 struct hci_dev *hdev = req->hdev;
1081 struct hci_cp_remote_name_req_cancel cp;
1082 struct inquiry_entry *e;
1083
1084 switch (hdev->discovery.state) {
1085 case DISCOVERY_FINDING:
1086 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1087 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1088 } else {
1089 cancel_delayed_work(&hdev->le_scan_disable);
1090 hci_req_add_le_scan_disable(req);
1091 }
1092
1093 break;
1094
1095 case DISCOVERY_RESOLVING:
1096 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1097 NAME_PENDING);
1098 if (!e)
1099 return;
1100
1101 bacpy(&cp.bdaddr, &e->data.bdaddr);
1102 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1103 &cp);
1104
1105 break;
1106
1107 default:
1108 /* Passive scanning */
1109 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1110 hci_req_add_le_scan_disable(req);
1111 break;
1112 }
1113}
1114
8b064a3a
JH		 1115static int clean_up_hci_state(struct hci_dev *hdev)
1116{
1117 struct hci_request req;
1118 struct hci_conn *conn;
1119
1120 hci_req_init(&req, hdev);
1121
1122 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1123 test_bit(HCI_PSCAN, &hdev->flags)) {
1124 u8 scan = 0x00;
1125 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1126 }
1127
1128 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1129 disable_advertising(&req);
1130
f8680f12 1131 hci_stop_discovery(&req);
8b064a3a
JH		 1132
1133 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1134 struct hci_cp_disconnect dc;
c9910d0f
JH		 1135 struct hci_cp_reject_conn_req rej;
1136
1137 switch (conn->state) {
1138 case BT_CONNECTED:
1139 case BT_CONFIG:
1140 dc.handle = cpu_to_le16(conn->handle);
1141 dc.reason = 0x15; /* Terminated due to Power Off */
1142 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1143 break;
1144 case BT_CONNECT:
1145 if (conn->type == LE_LINK)
1146 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1147 0, NULL);
1148 else if (conn->type == ACL_LINK)
1149 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1150 6, &conn->dst);
1151 break;
1152 case BT_CONNECT2:
1153 bacpy(&rej.bdaddr, &conn->dst);
1154 rej.reason = 0x15; /* Terminated due to Power Off */
1155 if (conn->type == ACL_LINK)
1156 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1157 sizeof(rej), &rej);
1158 else if (conn->type == SCO_LINK)
1159 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1160 sizeof(rej), &rej);
1161 break;
1162 }
8b064a3a
JH		 1163 }
1164
1165 return hci_req_run(&req, clean_up_hci_complete);
1166}
1167
bdb6d971 1168static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1169 u16 len)
eec8d2bc 1170{
650f726d 1171 struct mgmt_mode *cp = data;
366a0336 1172 struct pending_cmd *cmd;
4b34ee78 1173 int err;
eec8d2bc 1174
bdb6d971 1175 BT_DBG("request for %s", hdev->name);
eec8d2bc 1176
a7e80f25
JH		 1177 if (cp->val != 0x00 && cp->val != 0x01)
1178 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1179 MGMT_STATUS_INVALID_PARAMS);
1180
09fd0de5 1181 hci_dev_lock(hdev);
eec8d2bc 1182
87b95ba6
JH		 1183 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1184 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1185 MGMT_STATUS_BUSY);
1186 goto failed;
1187 }
1188
f0d4b78a
MH		 1189 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1190 cancel_delayed_work(&hdev->power_off);
1191
1192 if (cp->val) {
a1d70450
JH		 1193 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1194 data, len);
1195 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1196 goto failed;
1197 }
1198 }
1199
4b34ee78 1200 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1201 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1202 goto failed;
1203 }
1204
2e58ef3e 1205 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1206 if (!cmd) {
1207 err = -ENOMEM;
eec8d2bc 1208 goto failed;
366a0336 1209 }
eec8d2bc 1210
8b064a3a 1211 if (cp->val) {
19202573 1212 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1213 err = 0;
1214 } else {
1215 /* Disconnect connections, stop scans, etc */
1216 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1217 if (!err)
1218 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1219 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1220
8b064a3a
JH		 1221 /* ENODATA means there were no HCI commands queued */
1222 if (err == -ENODATA) {
a3172b7e 1223 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1224 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1225 err = 0;
1226 }
1227 }
eec8d2bc
JH		 1228
1229failed:
09fd0de5 1230 hci_dev_unlock(hdev);
366a0336 1231 return err;
eec8d2bc
JH		 1232}
1233
04124681
GP		 1234static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1235 struct sock *skip_sk)
beadb2bd
JH		 1236{
1237 struct sk_buff *skb;
1238 struct mgmt_hdr *hdr;
1239
790eff44 1240 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1241 if (!skb)
1242 return -ENOMEM;
1243
1244 hdr = (void *) skb_put(skb, sizeof(*hdr));
1245 hdr->opcode = cpu_to_le16(event);
1246 if (hdev)
1247 hdr->index = cpu_to_le16(hdev->id);
1248 else
dcf4adbf 1249 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1250 hdr->len = cpu_to_le16(data_len);
1251
1252 if (data)
1253 memcpy(skb_put(skb, data_len), data, data_len);
1254
97e0bdeb
MH		 1255 /* Time stamp */
1256 __net_timestamp(skb);
1257
beadb2bd
JH		 1258 hci_send_to_control(skb, skip_sk);
1259 kfree_skb(skb);
1260
1261 return 0;
1262}
1263
1264static int new_settings(struct hci_dev *hdev, struct sock *skip)
1265{
1266 __le32 ev;
1267
1268 ev = cpu_to_le32(get_current_settings(hdev));
1269
1270 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1271}
1272
bd99abdd
JH		 1273struct cmd_lookup {
1274 struct sock *sk;
1275 struct hci_dev *hdev;
1276 u8 mgmt_status;
1277};
1278
1279static void settings_rsp(struct pending_cmd *cmd, void *data)
1280{
1281 struct cmd_lookup *match = data;
1282
1283 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1284
1285 list_del(&cmd->list);
1286
1287 if (match->sk == NULL) {
1288 match->sk = cmd->sk;
1289 sock_hold(match->sk);
1290 }
1291
1292 mgmt_pending_free(cmd);
1293}
1294
1295static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1296{
1297 u8 *status = data;
1298
1299 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1300 mgmt_pending_remove(cmd);
1301}
1302
e6fe7986
JH		 1303static u8 mgmt_bredr_support(struct hci_dev *hdev)
1304{
1305 if (!lmp_bredr_capable(hdev))
1306 return MGMT_STATUS_NOT_SUPPORTED;
1307 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1308 return MGMT_STATUS_REJECTED;
1309 else
1310 return MGMT_STATUS_SUCCESS;
1311}
1312
1313static u8 mgmt_le_support(struct hci_dev *hdev)
1314{
1315 if (!lmp_le_capable(hdev))
1316 return MGMT_STATUS_NOT_SUPPORTED;
1317 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1318 return MGMT_STATUS_REJECTED;
1319 else
1320 return MGMT_STATUS_SUCCESS;
1321}
1322
bfaf8c9f
JH		 1323static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1324{
1325 struct pending_cmd *cmd;
1326 struct mgmt_mode *cp;
970ba524 1327 struct hci_request req;
bfaf8c9f
JH		 1328 bool changed;
1329
1330 BT_DBG("status 0x%02x", status);
1331
1332 hci_dev_lock(hdev);
1333
1334 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1335 if (!cmd)
1336 goto unlock;
1337
1338 if (status) {
1339 u8 mgmt_err = mgmt_status(status);
1340 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1341 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1342 goto remove_cmd;
1343 }
1344
1345 cp = cmd->param;
d4462a07 1346 if (cp->val) {
bfaf8c9f
JH		 1347 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1348 &hdev->dev_flags);
d4462a07
MH		 1349
1350 if (hdev->discov_timeout > 0) {
1351 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1352 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1353 to);
1354 }
1355 } else {
bfaf8c9f
JH		 1356 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1357 &hdev->dev_flags);
d4462a07 1358 }
bfaf8c9f
JH		 1359
1360 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1361
1362 if (changed)
1363 new_settings(hdev, cmd->sk);
1364
970ba524
MH		 1365 /* When the discoverable mode gets changed, make sure
1366 * that class of device has the limited discoverable
1367 * bit correctly set.
1368 */
1369 hci_req_init(&req, hdev);
1370 update_class(&req);
1371 hci_req_run(&req, NULL);
1372
bfaf8c9f
JH		 1373remove_cmd:
1374 mgmt_pending_remove(cmd);
1375
1376unlock:
1377 hci_dev_unlock(hdev);
1378}
1379
bdb6d971 1380static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1381 u16 len)
73f22f62 1382{
650f726d 1383 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1384 struct pending_cmd *cmd;
bfaf8c9f 1385 struct hci_request req;
5e5282bb 1386 u16 timeout;
9a43e25f 1387 u8 scan;
73f22f62
JH		 1388 int err;
1389
bdb6d971 1390 BT_DBG("request for %s", hdev->name);
73f22f62 1391
9a43e25f
JH		 1392 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1393 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1394 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1395 MGMT_STATUS_REJECTED);
33c525c0 1396
310a3d48 1397 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1398 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1399 MGMT_STATUS_INVALID_PARAMS);
1400
1f350c87 1401 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1402
1403 /* Disabling discoverable requires that no timeout is set,
1404 * and enabling limited discoverable requires a timeout.
1405 */
1406 if ((cp->val == 0x00 && timeout > 0) ||
1407 (cp->val == 0x02 && timeout == 0))
bdb6d971 1408 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1409 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1410
09fd0de5 1411 hci_dev_lock(hdev);
73f22f62 1412
5e5282bb 1413 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1414 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1415 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1416 goto failed;
1417 }
1418
2e58ef3e 1419 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1420 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1421 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1422 MGMT_STATUS_BUSY);
73f22f62
JH		 1423 goto failed;
1424 }
1425
5e5282bb 1426 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1427 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1428 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1429 goto failed;
1430 }
1431
1432 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1433 bool changed = false;
1434
310a3d48
MH		 1435 /* Setting limited discoverable when powered off is
1436 * not a valid operation since it requires a timeout
1437 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1438 */
0224d2fa
JH		 1439 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1440 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1441 changed = true;
1442 }
1443
5e5282bb 1444 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1445 if (err < 0)
1446 goto failed;
1447
1448 if (changed)
1449 err = new_settings(hdev, sk);
1450
5e5282bb
JH		 1451 goto failed;
1452 }
1453
310a3d48
MH		 1454 /* If the current mode is the same, then just update the timeout
1455 * value with the new value. And if only the timeout gets updated,
1456 * then no need for any HCI transactions.
1457 */
1458 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1459 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1460 &hdev->dev_flags)) {
36261547
MH		 1461 cancel_delayed_work(&hdev->discov_off);
1462 hdev->discov_timeout = timeout;
955638ec 1463
36261547
MH		 1464 if (cp->val && hdev->discov_timeout > 0) {
1465 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1466 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1467 to);
955638ec
MH		 1468 }
1469
69ab39ea 1470 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1471 goto failed;
1472 }
1473
2e58ef3e 1474 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1475 if (!cmd) {
1476 err = -ENOMEM;
73f22f62 1477 goto failed;
366a0336 1478 }
73f22f62 1479
310a3d48
MH		 1480 /* Cancel any potential discoverable timeout that might be
1481 * still active and store new timeout value. The arming of
1482 * the timeout happens in the complete handler.
1483 */
1484 cancel_delayed_work(&hdev->discov_off);
1485 hdev->discov_timeout = timeout;
1486
b456f87c
JH		 1487 /* Limited discoverable mode */
1488 if (cp->val == 0x02)
1489 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1490 else
1491 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1492
bfaf8c9f
JH		 1493 hci_req_init(&req, hdev);
1494
9a43e25f
JH		 1495 /* The procedure for LE-only controllers is much simpler - just
1496 * update the advertising data.
1497 */
1498 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1499 goto update_ad;
1500
73f22f62
JH		 1501 scan = SCAN_PAGE;
1502
310a3d48
MH		 1503 if (cp->val) {
1504 struct hci_cp_write_current_iac_lap hci_cp;
1505
1506 if (cp->val == 0x02) {
1507 /* Limited discoverable mode */
33337dcb 1508 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1509 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1510 hci_cp.iac_lap[1] = 0x8b;
1511 hci_cp.iac_lap[2] = 0x9e;
1512 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1513 hci_cp.iac_lap[4] = 0x8b;
1514 hci_cp.iac_lap[5] = 0x9e;
1515 } else {
1516 /* General discoverable mode */
310a3d48
MH		 1517 hci_cp.num_iac = 1;
1518 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1519 hci_cp.iac_lap[1] = 0x8b;
1520 hci_cp.iac_lap[2] = 0x9e;
1521 }
1522
1523 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1524 (hci_cp.num_iac * 3) + 1, &hci_cp);
1525
73f22f62 1526 scan |= SCAN_INQUIRY;
310a3d48
MH		 1527 } else {
1528 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1529 }
73f22f62 1530
310a3d48 1531 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1532
9a43e25f
JH		 1533update_ad:
1534 update_adv_data(&req);
1535
bfaf8c9f 1536 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1537 if (err < 0)
a664b5bc 1538 mgmt_pending_remove(cmd);
73f22f62
JH		 1539
1540failed:
09fd0de5 1541 hci_dev_unlock(hdev);
73f22f62
JH		 1542 return err;
1543}
1544
406d7804
JH		 1545static void write_fast_connectable(struct hci_request *req, bool enable)
1546{
bd98b996 1547 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1548 struct hci_cp_write_page_scan_activity acp;
1549 u8 type;
1550
547003b1
JH		 1551 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1552 return;
1553
4c01f8b8
JH		 1554 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1555 return;
1556
406d7804
JH		 1557 if (enable) {
1558 type = PAGE_SCAN_TYPE_INTERLACED;
1559
1560 /* 160 msec page scan interval */
dcf4adbf 1561 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1562 } else {
1563 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1564
1565 /* default 1.28 sec page scan */
dcf4adbf 1566 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1567 }
1568
dcf4adbf 1569 acp.window = cpu_to_le16(0x0012);
406d7804 1570
bd98b996
JH		 1571 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1572 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1573 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1574 sizeof(acp), &acp);
1575
1576 if (hdev->page_scan_type != type)
1577 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1578}
1579
2b76f453
JH		 1580static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1581{
1582 struct pending_cmd *cmd;
d7b856f9
JH		 1583 struct mgmt_mode *cp;
1584 bool changed;
2b76f453
JH		 1585
1586 BT_DBG("status 0x%02x", status);
1587
1588 hci_dev_lock(hdev);
1589
1590 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1591 if (!cmd)
1592 goto unlock;
1593
37438c1f
JH		 1594 if (status) {
1595 u8 mgmt_err = mgmt_status(status);
1596 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1597 goto remove_cmd;
1598 }
1599
d7b856f9
JH		 1600 cp = cmd->param;
1601 if (cp->val)
1602 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1603 else
1604 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1605
2b76f453
JH		 1606 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1607
d7b856f9
JH		 1608 if (changed)
1609 new_settings(hdev, cmd->sk);
1610
37438c1f 1611remove_cmd:
2b76f453
JH		 1612 mgmt_pending_remove(cmd);
1613
1614unlock:
1615 hci_dev_unlock(hdev);
1616}
1617
e8ba3a1f
JH		 1618static int set_connectable_update_settings(struct hci_dev *hdev,
1619 struct sock *sk, u8 val)
1620{
1621 bool changed = false;
1622 int err;
1623
1624 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1625 changed = true;
1626
1627 if (val) {
1628 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1629 } else {
1630 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1631 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1632 }
1633
1634 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1635 if (err < 0)
1636 return err;
1637
1638 if (changed)
1639 return new_settings(hdev, sk);
1640
1641 return 0;
1642}
1643
bdb6d971 1644static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1645 u16 len)
9fbcbb45 1646{
650f726d 1647 struct mgmt_mode *cp = data;
366a0336 1648 struct pending_cmd *cmd;
2b76f453 1649 struct hci_request req;
1987fdc7 1650 u8 scan;
9fbcbb45
JH		 1651 int err;
1652
bdb6d971 1653 BT_DBG("request for %s", hdev->name);
9fbcbb45 1654
1987fdc7
JH		 1655 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1656 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1657 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1658 MGMT_STATUS_REJECTED);
33c525c0 1659
a7e80f25
JH		 1660 if (cp->val != 0x00 && cp->val != 0x01)
1661 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1662 MGMT_STATUS_INVALID_PARAMS);
1663
09fd0de5 1664 hci_dev_lock(hdev);
9fbcbb45 1665
4b34ee78 1666 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1667 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1668 goto failed;
1669 }
1670
2e58ef3e 1671 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1672 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1673 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1674 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1675 goto failed;
1676 }
1677
2e58ef3e 1678 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1679 if (!cmd) {
1680 err = -ENOMEM;
9fbcbb45 1681 goto failed;
366a0336 1682 }
9fbcbb45 1683
9b74246f 1684 hci_req_init(&req, hdev);
9fbcbb45 1685
9a43e25f
JH		 1686 /* If BR/EDR is not enabled and we disable advertising as a
1687 * by-product of disabling connectable, we need to update the
1688 * advertising flags.
1689 */
1690 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1691 if (!cp->val) {
1692 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1693 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1694 }
1695 update_adv_data(&req);
1696 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1697 if (cp->val) {
1698 scan = SCAN_PAGE;
1699 } else {
1700 scan = 0;
1701
1702 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1703 hdev->discov_timeout > 0)
9b74246f
JH		 1704 cancel_delayed_work(&hdev->discov_off);
1705 }
2b76f453 1706
9b74246f
JH		 1707 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1708 }
2b76f453 1709
4c01f8b8
JH		 1710 /* If we're going from non-connectable to connectable or
1711 * vice-versa when fast connectable is enabled ensure that fast
1712 * connectable gets disabled. write_fast_connectable won't do
1713 * anything if the page scan parameters are already what they
1714 * should be.
1715 */
1716 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1717 write_fast_connectable(&req, false);
1718
1987fdc7
JH		 1719 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1720 hci_conn_num(hdev, LE_LINK) == 0) {
1721 disable_advertising(&req);
1722 enable_advertising(&req);
1723 }
1724
2b76f453 1725 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1726 if (err < 0) {
a664b5bc 1727 mgmt_pending_remove(cmd);
9b74246f 1728 if (err == -ENODATA)
a81070ba
JH		 1729 err = set_connectable_update_settings(hdev, sk,
1730 cp->val);
9b74246f
JH		 1731 goto failed;
1732 }
9fbcbb45
JH		 1733
1734failed:
09fd0de5 1735 hci_dev_unlock(hdev);
9fbcbb45
JH		 1736 return err;
1737}
1738
bdb6d971 1739static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1740 u16 len)
c542a06c 1741{
650f726d 1742 struct mgmt_mode *cp = data;
55594356 1743 bool changed;
c542a06c
JH		 1744 int err;
1745
bdb6d971 1746 BT_DBG("request for %s", hdev->name);
c542a06c 1747
a7e80f25
JH		 1748 if (cp->val != 0x00 && cp->val != 0x01)
1749 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1750 MGMT_STATUS_INVALID_PARAMS);
1751
09fd0de5 1752 hci_dev_lock(hdev);
c542a06c
JH		 1753
1754 if (cp->val)
55594356 1755 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1756 else
55594356 1757 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1758
69ab39ea 1759 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1760 if (err < 0)
55594356 1761 goto unlock;
c542a06c 1762
55594356
MH		 1763 if (changed)
1764 err = new_settings(hdev, sk);
c542a06c 1765
55594356 1766unlock:
09fd0de5 1767 hci_dev_unlock(hdev);
c542a06c
JH		 1768 return err;
1769}
1770
04124681
GP		 1771static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1772 u16 len)
33ef95ed
JH		 1773{
1774 struct mgmt_mode *cp = data;
1775 struct pending_cmd *cmd;
e6fe7986 1776 u8 val, status;
33ef95ed
JH		 1777 int err;
1778
bdb6d971 1779 BT_DBG("request for %s", hdev->name);
33ef95ed 1780
e6fe7986
JH		 1781 status = mgmt_bredr_support(hdev);
1782 if (status)
33c525c0 1783 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1784 status);
33c525c0 1785
a7e80f25
JH		 1786 if (cp->val != 0x00 && cp->val != 0x01)
1787 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1788 MGMT_STATUS_INVALID_PARAMS);
1789
33ef95ed
JH		 1790 hci_dev_lock(hdev);
1791
4b34ee78 1792 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1793 bool changed = false;
1794
1795 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1796 &hdev->dev_flags)) {
47990ea0
JH		 1797 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1798 changed = true;
1799 }
1800
1801 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1802 if (err < 0)
1803 goto failed;
1804
1805 if (changed)
1806 err = new_settings(hdev, sk);
1807
33ef95ed
JH		 1808 goto failed;
1809 }
1810
1811 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1812 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1813 MGMT_STATUS_BUSY);
33ef95ed
JH		 1814 goto failed;
1815 }
1816
1817 val = !!cp->val;
1818
1819 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1820 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1821 goto failed;
1822 }
1823
1824 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1825 if (!cmd) {
1826 err = -ENOMEM;
1827 goto failed;
1828 }
1829
1830 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1831 if (err < 0) {
1832 mgmt_pending_remove(cmd);
1833 goto failed;
1834 }
1835
1836failed:
1837 hci_dev_unlock(hdev);
33ef95ed
JH		 1838 return err;
1839}
1840
bdb6d971 1841static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1842{
1843 struct mgmt_mode *cp = data;
1844 struct pending_cmd *cmd;
72ef0c1a 1845 u8 status;
ed2c4ee3
JH		 1846 int err;
1847
bdb6d971 1848 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1849
cdba5281
MH		 1850 status = mgmt_bredr_support(hdev);
1851 if (status)
1852 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1853
13ecd8b6
JH		 1854 if (!lmp_ssp_capable(hdev))
1855 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1856 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1857
a7e80f25
JH		 1858 if (cp->val != 0x00 && cp->val != 0x01)
1859 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1860 MGMT_STATUS_INVALID_PARAMS);
1861
13ecd8b6 1862 hci_dev_lock(hdev);
6c8f12c1 1863
4b34ee78 1864 if (!hdev_is_powered(hdev)) {
9ecb3e24 1865 bool changed;
c0ecddc2 1866
9ecb3e24
MH		 1867 if (cp->val) {
1868 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1869 &hdev->dev_flags);
1870 } else {
1871 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1872 &hdev->dev_flags);
1873 if (!changed)
1874 changed = test_and_clear_bit(HCI_HS_ENABLED,
1875 &hdev->dev_flags);
1876 else
1877 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1878 }
1879
1880 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1881 if (err < 0)
1882 goto failed;
1883
1884 if (changed)
1885 err = new_settings(hdev, sk);
1886
ed2c4ee3
JH		 1887 goto failed;
1888 }
1889
9ecb3e24
MH		 1890 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1891 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1892 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1893 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1894 goto failed;
1895 }
1896
72ef0c1a 1897 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1898 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1899 goto failed;
1900 }
1901
1902 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1903 if (!cmd) {
1904 err = -ENOMEM;
1905 goto failed;
1906 }
1907
3769972b
JH		 1908 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
1909 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1910 sizeof(cp->val), &cp->val);
1911
72ef0c1a 1912 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1913 if (err < 0) {
1914 mgmt_pending_remove(cmd);
1915 goto failed;
1916 }
1917
1918failed:
1919 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1920 return err;
1921}
1922
bdb6d971 1923static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1924{
1925 struct mgmt_mode *cp = data;
ee392693 1926 bool changed;
e6fe7986 1927 u8 status;
ee392693 1928 int err;
6d80dfd0 1929
bdb6d971 1930 BT_DBG("request for %s", hdev->name);
6d80dfd0 1931
e6fe7986
JH		 1932 status = mgmt_bredr_support(hdev);
1933 if (status)
1934 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1935
9ecb3e24
MH		 1936 if (!lmp_ssp_capable(hdev))
1937 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1938 MGMT_STATUS_NOT_SUPPORTED);
1939
1940 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1941 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1942 MGMT_STATUS_REJECTED);
1943
a7e80f25
JH		 1944 if (cp->val != 0x00 && cp->val != 0x01)
1945 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1946 MGMT_STATUS_INVALID_PARAMS);
1947
ee392693
MH		 1948 hci_dev_lock(hdev);
1949
a0cdf960 1950 if (cp->val) {
ee392693 1951 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1952 } else {
1953 if (hdev_is_powered(hdev)) {
1954 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1955 MGMT_STATUS_REJECTED);
1956 goto unlock;
1957 }
1958
ee392693 1959 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1960 }
ee392693
MH		 1961
1962 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1963 if (err < 0)
1964 goto unlock;
1965
1966 if (changed)
1967 err = new_settings(hdev, sk);
6d80dfd0 1968
ee392693
MH		 1969unlock:
1970 hci_dev_unlock(hdev);
1971 return err;
6d80dfd0
JH		 1972}
1973
416a4ae5
JH		 1974static void le_enable_complete(struct hci_dev *hdev, u8 status)
1975{
1976 struct cmd_lookup match = { NULL, hdev };
1977
1978 if (status) {
1979 u8 mgmt_err = mgmt_status(status);
1980
1981 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1982 &mgmt_err);
1983 return;
1984 }
1985
1986 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1987
1988 new_settings(hdev, match.sk);
1989
1990 if (match.sk)
1991 sock_put(match.sk);
441ad2d0
MH		 1992
1993 /* Make sure the controller has a good default for
1994 * advertising data. Restrict the update to when LE
1995 * has actually been enabled. During power on, the
1996 * update in powered_update_hci will take care of it.
1997 */
1998 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1999 struct hci_request req;
2000
2001 hci_dev_lock(hdev);
2002
2003 hci_req_init(&req, hdev);
5947f4bc 2004 update_adv_data(&req);
f14d8f64 2005 update_scan_rsp_data(&req);
441ad2d0
MH		 2006 hci_req_run(&req, NULL);
2007
2008 hci_dev_unlock(hdev);
2009 }
416a4ae5
JH		 2010}
2011
bdb6d971 2012static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2013{
2014 struct mgmt_mode *cp = data;
2015 struct hci_cp_write_le_host_supported hci_cp;
2016 struct pending_cmd *cmd;
416a4ae5 2017 struct hci_request req;
06199cf8 2018 int err;
0b60eba1 2019 u8 val, enabled;
06199cf8 2020
bdb6d971 2021 BT_DBG("request for %s", hdev->name);
06199cf8 2022
13ecd8b6
JH		 2023 if (!lmp_le_capable(hdev))
2024 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2025 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2026
a7e80f25
JH		 2027 if (cp->val != 0x00 && cp->val != 0x01)
2028 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2029 MGMT_STATUS_INVALID_PARAMS);
2030
c73eee91 2031 /* LE-only devices do not allow toggling LE on/off */
56f87901 2032 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2033 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2034 MGMT_STATUS_REJECTED);
2035
13ecd8b6 2036 hci_dev_lock(hdev);
06199cf8
JH		 2037
2038 val = !!cp->val;
ffa88e02 2039 enabled = lmp_host_le_capable(hdev);
06199cf8 2040
0b60eba1 2041 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2042 bool changed = false;
2043
2044 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2045 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2046 changed = true;
2047 }
2048
f3d3444a
JH		 2049 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2050 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2051 changed = true;
2052 }
2053
06199cf8
JH		 2054 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2055 if (err < 0)
1de028ce 2056 goto unlock;
06199cf8
JH		 2057
2058 if (changed)
2059 err = new_settings(hdev, sk);
2060
1de028ce 2061 goto unlock;
06199cf8
JH		 2062 }
2063
4375f103
JH		 2064 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2065 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2066 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2067 MGMT_STATUS_BUSY);
1de028ce 2068 goto unlock;
06199cf8
JH		 2069 }
2070
2071 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2072 if (!cmd) {
2073 err = -ENOMEM;
1de028ce 2074 goto unlock;
06199cf8
JH		 2075 }
2076
441ad2d0
MH		 2077 hci_req_init(&req, hdev);
2078
06199cf8
JH		 2079 memset(&hci_cp, 0, sizeof(hci_cp));
2080
2081 if (val) {
2082 hci_cp.le = val;
ffa88e02 2083 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2084 } else {
2085 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2086 disable_advertising(&req);
06199cf8
JH		 2087 }
2088
416a4ae5
JH		 2089 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2090 &hci_cp);
2091
2092 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2093 if (err < 0)
06199cf8 2094 mgmt_pending_remove(cmd);
06199cf8 2095
1de028ce
JH		 2096unlock:
2097 hci_dev_unlock(hdev);
06199cf8
JH		 2098 return err;
2099}
2100
0cab9c80
JH		 2101/* This is a helper function to test for pending mgmt commands that can
2102 * cause CoD or EIR HCI commands. We can only allow one such pending
2103 * mgmt command at a time since otherwise we cannot easily track what
2104 * the current values are, will be, and based on that calculate if a new
2105 * HCI command needs to be sent and if yes with what value.
2106 */
2107static bool pending_eir_or_class(struct hci_dev *hdev)
2108{
2109 struct pending_cmd *cmd;
2110
2111 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2112 switch (cmd->opcode) {
2113 case MGMT_OP_ADD_UUID:
2114 case MGMT_OP_REMOVE_UUID:
2115 case MGMT_OP_SET_DEV_CLASS:
2116 case MGMT_OP_SET_POWERED:
2117 return true;
2118 }
2119 }
2120
2121 return false;
2122}
2123
83be8eca
JH		 2124static const u8 bluetooth_base_uuid[] = {
2125 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2126 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2127};
2128
2129static u8 get_uuid_size(const u8 *uuid)
2130{
2131 u32 val;
2132
2133 if (memcmp(uuid, bluetooth_base_uuid, 12))
2134 return 128;
2135
2136 val = get_unaligned_le32(&uuid[12]);
2137 if (val > 0xffff)
2138 return 32;
2139
2140 return 16;
2141}
2142
92da6097
JH		 2143static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2144{
2145 struct pending_cmd *cmd;
2146
2147 hci_dev_lock(hdev);
2148
2149 cmd = mgmt_pending_find(mgmt_op, hdev);
2150 if (!cmd)
2151 goto unlock;
2152
2153 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2154 hdev->dev_class, 3);
2155
2156 mgmt_pending_remove(cmd);
2157
2158unlock:
2159 hci_dev_unlock(hdev);
2160}
2161
2162static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2163{
2164 BT_DBG("status 0x%02x", status);
2165
2166 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2167}
2168
bdb6d971 2169static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2170{
650f726d 2171 struct mgmt_cp_add_uuid *cp = data;
90e70454 2172 struct pending_cmd *cmd;
890ea898 2173 struct hci_request req;
2aeb9a1a 2174 struct bt_uuid *uuid;
2aeb9a1a
JH		 2175 int err;
2176
bdb6d971 2177 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2178
09fd0de5 2179 hci_dev_lock(hdev);
2aeb9a1a 2180
0cab9c80 2181 if (pending_eir_or_class(hdev)) {
bdb6d971 2182 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2183 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2184 goto failed;
2185 }
2186
92c4c204 2187 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2188 if (!uuid) {
2189 err = -ENOMEM;
2190 goto failed;
2191 }
2192
2193 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2194 uuid->svc_hint = cp->svc_hint;
83be8eca 2195 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2196
de66aa63 2197 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2198
890ea898 2199 hci_req_init(&req, hdev);
1aff6f09 2200
890ea898
JH		 2201 update_class(&req);
2202 update_eir(&req);
2203
92da6097
JH		 2204 err = hci_req_run(&req, add_uuid_complete);
2205 if (err < 0) {
2206 if (err != -ENODATA)
2207 goto failed;
80a1e1db 2208
bdb6d971 2209 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2210 hdev->dev_class, 3);
90e70454
JH		 2211 goto failed;
2212 }
2213
2214 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2215 if (!cmd) {
90e70454 2216 err = -ENOMEM;
890ea898
JH		 2217 goto failed;
2218 }
2219
2220 err = 0;
2aeb9a1a
JH		 2221
2222failed:
09fd0de5 2223 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2224 return err;
2225}
2226
24b78d0f
JH		 2227static bool enable_service_cache(struct hci_dev *hdev)
2228{
2229 if (!hdev_is_powered(hdev))
2230 return false;
2231
2232 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2233 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2234 CACHE_TIMEOUT);
24b78d0f
JH		 2235 return true;
2236 }
2237
2238 return false;
2239}
2240
92da6097
JH		 2241static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2242{
2243 BT_DBG("status 0x%02x", status);
2244
2245 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2246}
2247
bdb6d971 2248static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2249 u16 len)
2aeb9a1a 2250{
650f726d 2251 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2252 struct pending_cmd *cmd;
056341c8 2253 struct bt_uuid *match, *tmp;
2aeb9a1a 2254 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2255 struct hci_request req;
2aeb9a1a
JH		 2256 int err, found;
2257
bdb6d971 2258 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2259
09fd0de5 2260 hci_dev_lock(hdev);
2aeb9a1a 2261
0cab9c80 2262 if (pending_eir_or_class(hdev)) {
bdb6d971 2263 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2264 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2265 goto unlock;
2266 }
2267
2aeb9a1a 2268 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2269 hci_uuids_clear(hdev);
4004b6d9 2270
24b78d0f 2271 if (enable_service_cache(hdev)) {
bdb6d971 2272 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2273 0, hdev->dev_class, 3);
24b78d0f
JH		 2274 goto unlock;
2275 }
4004b6d9 2276
9246a869 2277 goto update_class;
2aeb9a1a
JH		 2278 }
2279
2280 found = 0;
2281
056341c8 2282 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2283 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2284 continue;
2285
2286 list_del(&match->list);
482049f7 2287 kfree(match);
2aeb9a1a
JH		 2288 found++;
2289 }
2290
2291 if (found == 0) {
bdb6d971 2292 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2293 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2294 goto unlock;
2295 }
2296
9246a869 2297update_class:
890ea898 2298 hci_req_init(&req, hdev);
1aff6f09 2299
890ea898
JH		 2300 update_class(&req);
2301 update_eir(&req);
2302
92da6097
JH		 2303 err = hci_req_run(&req, remove_uuid_complete);
2304 if (err < 0) {
2305 if (err != -ENODATA)
2306 goto unlock;
80a1e1db 2307
bdb6d971 2308 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2309 hdev->dev_class, 3);
90e70454
JH		 2310 goto unlock;
2311 }
2312
2313 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2314 if (!cmd) {
90e70454 2315 err = -ENOMEM;
890ea898
JH		 2316 goto unlock;
2317 }
2318
2319 err = 0;
2aeb9a1a
JH		 2320
2321unlock:
09fd0de5 2322 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2323 return err;
2324}
2325
92da6097
JH		 2326static void set_class_complete(struct hci_dev *hdev, u8 status)
2327{
2328 BT_DBG("status 0x%02x", status);
2329
2330 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2331}
2332
bdb6d971 2333static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2334 u16 len)
1aff6f09 2335{
650f726d 2336 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2337 struct pending_cmd *cmd;
890ea898 2338 struct hci_request req;
1aff6f09
JH		 2339 int err;
2340
bdb6d971 2341 BT_DBG("request for %s", hdev->name);
1aff6f09 2342
6203fc98 2343 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2344 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2345 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2346
0cab9c80 2347 hci_dev_lock(hdev);
ee98f473 2348
0cab9c80
JH		 2349 if (pending_eir_or_class(hdev)) {
2350 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2351 MGMT_STATUS_BUSY);
2352 goto unlock;
2353 }
c95f0ba7 2354
0cab9c80
JH		 2355 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2356 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2357 MGMT_STATUS_INVALID_PARAMS);
2358 goto unlock;
2359 }
575b3a02 2360
932f5ff5
JH		 2361 hdev->major_class = cp->major;
2362 hdev->minor_class = cp->minor;
2363
b5235a65 2364 if (!hdev_is_powered(hdev)) {
bdb6d971 2365 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2366 hdev->dev_class, 3);
b5235a65
JH		 2367 goto unlock;
2368 }
2369
890ea898
JH		 2370 hci_req_init(&req, hdev);
2371
a8b2d5c2 2372 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2373 hci_dev_unlock(hdev);
2374 cancel_delayed_work_sync(&hdev->service_cache);
2375 hci_dev_lock(hdev);
890ea898 2376 update_eir(&req);
7d78525d 2377 }
14c0b608 2378
890ea898
JH		 2379 update_class(&req);
2380
92da6097
JH		 2381 err = hci_req_run(&req, set_class_complete);
2382 if (err < 0) {
2383 if (err != -ENODATA)
2384 goto unlock;
1aff6f09 2385
bdb6d971 2386 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2387 hdev->dev_class, 3);
90e70454
JH		 2388 goto unlock;
2389 }
2390
2391 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2392 if (!cmd) {
90e70454 2393 err = -ENOMEM;
890ea898
JH		 2394 goto unlock;
2395 }
2396
2397 err = 0;
1aff6f09 2398
b5235a65 2399unlock:
09fd0de5 2400 hci_dev_unlock(hdev);
1aff6f09
JH		 2401 return err;
2402}
2403
bdb6d971 2404static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2405 u16 len)
55ed8ca1 2406{
650f726d 2407 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2408 u16 key_count, expected_len;
b1de97d8 2409 bool changed;
a492cd52 2410 int i;
55ed8ca1 2411
9060d5cf
MH		 2412 BT_DBG("request for %s", hdev->name);
2413
2414 if (!lmp_bredr_capable(hdev))
2415 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2416 MGMT_STATUS_NOT_SUPPORTED);
2417
1f350c87 2418 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2419
86742e1e
JH		 2420 expected_len = sizeof(*cp) + key_count *
2421 sizeof(struct mgmt_link_key_info);
a492cd52 2422 if (expected_len != len) {
86742e1e 2423 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2424 expected_len, len);
bdb6d971 2425 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2426 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2427 }
2428
4ae14301
JH		 2429 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2430 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2431 MGMT_STATUS_INVALID_PARAMS);
2432
bdb6d971 2433 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2434 key_count);
55ed8ca1 2435
4ee71b20
JH		 2436 for (i = 0; i < key_count; i++) {
2437 struct mgmt_link_key_info *key = &cp->keys[i];
2438
8e991132 2439 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2440 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2441 MGMT_STATUS_INVALID_PARAMS);
2442 }
2443
09fd0de5 2444 hci_dev_lock(hdev);
55ed8ca1
JH		 2445
2446 hci_link_keys_clear(hdev);
2447
55ed8ca1 2448 if (cp->debug_keys)
0663b297
JH		 2449 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2450 &hdev->dev_flags);
55ed8ca1 2451 else
0663b297
JH		 2452 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2453 &hdev->dev_flags);
b1de97d8
MH		 2454
2455 if (changed)
2456 new_settings(hdev, NULL);
55ed8ca1 2457
a492cd52 2458 for (i = 0; i < key_count; i++) {
86742e1e 2459 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2460
58e9293c
JH		 2461 /* Always ignore debug keys and require a new pairing if
2462 * the user wants to use them.
2463 */
2464 if (key->type == HCI_LK_DEBUG_COMBINATION)
2465 continue;
2466
7652ff6a
JH		 2467 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2468 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2469 }
2470
bdb6d971 2471 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2472
09fd0de5 2473 hci_dev_unlock(hdev);
55ed8ca1 2474
a492cd52 2475 return 0;
55ed8ca1
JH		 2476}
2477
b1078ad0 2478static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2479 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2480{
2481 struct mgmt_ev_device_unpaired ev;
2482
2483 bacpy(&ev.addr.bdaddr, bdaddr);
2484 ev.addr.type = addr_type;
2485
2486 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2487 skip_sk);
b1078ad0
JH		 2488}
2489
bdb6d971 2490static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2491 u16 len)
55ed8ca1 2492{
124f6e35
JH		 2493 struct mgmt_cp_unpair_device *cp = data;
2494 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2495 struct hci_cp_disconnect dc;
2496 struct pending_cmd *cmd;
55ed8ca1 2497 struct hci_conn *conn;
55ed8ca1
JH		 2498 int err;
2499
a8a1d19e 2500 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2501 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2502 rp.addr.type = cp->addr.type;
a8a1d19e 2503
4ee71b20
JH		 2504 if (!bdaddr_type_is_valid(cp->addr.type))
2505 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2506 MGMT_STATUS_INVALID_PARAMS,
2507 &rp, sizeof(rp));
2508
118da70b
JH		 2509 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2510 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2511 MGMT_STATUS_INVALID_PARAMS,
2512 &rp, sizeof(rp));
2513
4ee71b20
JH		 2514 hci_dev_lock(hdev);
2515
86a8cfc6 2516 if (!hdev_is_powered(hdev)) {
bdb6d971 2517 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2518 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2519 goto unlock;
2520 }
2521
e0b2b27e 2522 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2523 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2524 } else {
2525 u8 addr_type;
2526
2527 if (cp->addr.type == BDADDR_LE_PUBLIC)
2528 addr_type = ADDR_LE_DEV_PUBLIC;
2529 else
2530 addr_type = ADDR_LE_DEV_RANDOM;
2531
a7ec7338
JH		 2532 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2533
a9b0a04c
AG		 2534 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2535
e0b2b27e
JH		 2536 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2537 }
b0dbfb46 2538
55ed8ca1 2539 if (err < 0) {
bdb6d971 2540 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2541 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2542 goto unlock;
2543 }
2544
86a8cfc6 2545 if (cp->disconnect) {
591f47f3 2546 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2547 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2548 &cp->addr.bdaddr);
86a8cfc6
JH		 2549 else
2550 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2551 &cp->addr.bdaddr);
86a8cfc6
JH		 2552 } else {
2553 conn = NULL;
2554 }
124f6e35 2555
a8a1d19e 2556 if (!conn) {
bdb6d971 2557 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2558 &rp, sizeof(rp));
b1078ad0 2559 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2560 goto unlock;
2561 }
55ed8ca1 2562
124f6e35 2563 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2564 sizeof(*cp));
a8a1d19e
JH		 2565 if (!cmd) {
2566 err = -ENOMEM;
2567 goto unlock;
55ed8ca1
JH		 2568 }
2569
eb55ef07 2570 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2571 dc.reason = 0x13; /* Remote User Terminated Connection */
2572 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2573 if (err < 0)
2574 mgmt_pending_remove(cmd);
2575
55ed8ca1 2576unlock:
09fd0de5 2577 hci_dev_unlock(hdev);
55ed8ca1
JH		 2578 return err;
2579}
2580
bdb6d971 2581static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2582 u16 len)
8962ee74 2583{
650f726d 2584 struct mgmt_cp_disconnect *cp = data;
06a63b19 2585 struct mgmt_rp_disconnect rp;
8962ee74 2586 struct hci_cp_disconnect dc;
366a0336 2587 struct pending_cmd *cmd;
8962ee74 2588 struct hci_conn *conn;
8962ee74
JH		 2589 int err;
2590
2591 BT_DBG("");
2592
06a63b19
JH		 2593 memset(&rp, 0, sizeof(rp));
2594 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2595 rp.addr.type = cp->addr.type;
2596
4ee71b20 2597 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2598 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2599 MGMT_STATUS_INVALID_PARAMS,
2600 &rp, sizeof(rp));
4ee71b20 2601
09fd0de5 2602 hci_dev_lock(hdev);
8962ee74
JH		 2603
2604 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2605 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2606 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2607 goto failed;
2608 }
2609
2e58ef3e 2610 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2611 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2612 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2613 goto failed;
2614 }
2615
591f47f3 2616 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2617 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2618 &cp->addr.bdaddr);
88c3df13
JH		 2619 else
2620 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2621
f960727e 2622 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2623 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2624 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2625 goto failed;
2626 }
2627
2e58ef3e 2628 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2629 if (!cmd) {
2630 err = -ENOMEM;
8962ee74 2631 goto failed;
366a0336 2632 }
8962ee74 2633
eb55ef07 2634 dc.handle = cpu_to_le16(conn->handle);
3701f944 2635 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2636
2637 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2638 if (err < 0)
a664b5bc 2639 mgmt_pending_remove(cmd);
8962ee74
JH		 2640
2641failed:
09fd0de5 2642 hci_dev_unlock(hdev);
8962ee74
JH		 2643 return err;
2644}
2645
57c1477c 2646static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2647{
2648 switch (link_type) {
2649 case LE_LINK:
48264f06
JH		 2650 switch (addr_type) {
2651 case ADDR_LE_DEV_PUBLIC:
591f47f3 2652 return BDADDR_LE_PUBLIC;
0ed09148 2653
48264f06 2654 default:
0ed09148 2655 /* Fallback to LE Random address type */
591f47f3 2656 return BDADDR_LE_RANDOM;
48264f06 2657 }
0ed09148 2658
4c659c39 2659 default:
0ed09148 2660 /* Fallback to BR/EDR type */
591f47f3 2661 return BDADDR_BREDR;
4c659c39
JH		 2662 }
2663}
2664
04124681
GP		 2665static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2666 u16 data_len)
2784eb41 2667{
2784eb41 2668 struct mgmt_rp_get_connections *rp;
8035ded4 2669 struct hci_conn *c;
a38528f1 2670 size_t rp_len;
60fc5fb6
JH		 2671 int err;
2672 u16 i;
2784eb41
JH		 2673
2674 BT_DBG("");
2675
09fd0de5 2676 hci_dev_lock(hdev);
2784eb41 2677
5f97c1df 2678 if (!hdev_is_powered(hdev)) {
bdb6d971 2679 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2680 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2681 goto unlock;
2682 }
2683
60fc5fb6 2684 i = 0;
b644ba33
JH		 2685 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2686 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2687 i++;
2784eb41
JH		 2688 }
2689
60fc5fb6 2690 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2691 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2692 if (!rp) {
2784eb41
JH		 2693 err = -ENOMEM;
2694 goto unlock;
2695 }
2696
2784eb41 2697 i = 0;
4c659c39 2698 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2699 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2700 continue;
4c659c39 2701 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2702 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2703 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2704 continue;
2705 i++;
2706 }
2707
eb55ef07 2708 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2709
4c659c39
JH		 2710 /* Recalculate length in case of filtered SCO connections, etc */
2711 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2712
bdb6d971 2713 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2714 rp_len);
2784eb41 2715
a38528f1 2716 kfree(rp);
5f97c1df
JH		 2717
2718unlock:
09fd0de5 2719 hci_dev_unlock(hdev);
2784eb41
JH		 2720 return err;
2721}
2722
bdb6d971 2723static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2724 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2725{
2726 struct pending_cmd *cmd;
2727 int err;
2728
2e58ef3e 2729 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2730 sizeof(*cp));
96d97a67
WR		 2731 if (!cmd)
2732 return -ENOMEM;
2733
d8457698 2734 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2735 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2736 if (err < 0)
2737 mgmt_pending_remove(cmd);
2738
2739 return err;
2740}
2741
bdb6d971 2742static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2743 u16 len)
980e1a53 2744{
96d97a67 2745 struct hci_conn *conn;
650f726d 2746 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2747 struct hci_cp_pin_code_reply reply;
366a0336 2748 struct pending_cmd *cmd;
980e1a53
JH		 2749 int err;
2750
2751 BT_DBG("");
2752
09fd0de5 2753 hci_dev_lock(hdev);
980e1a53 2754
4b34ee78 2755 if (!hdev_is_powered(hdev)) {
bdb6d971 2756 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2757 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2758 goto failed;
2759 }
2760
d8457698 2761 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2762 if (!conn) {
bdb6d971 2763 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2764 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2765 goto failed;
2766 }
2767
2768 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2769 struct mgmt_cp_pin_code_neg_reply ncp;
2770
2771 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2772
2773 BT_ERR("PIN code is not 16 bytes long");
2774
bdb6d971 2775 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2776 if (err >= 0)
bdb6d971 2777 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2778 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2779
2780 goto failed;
2781 }
2782
00abfe44 2783 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2784 if (!cmd) {
2785 err = -ENOMEM;
980e1a53 2786 goto failed;
366a0336 2787 }
980e1a53 2788
d8457698 2789 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2790 reply.pin_len = cp->pin_len;
24718ca5 2791 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2792
2793 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2794 if (err < 0)
a664b5bc 2795 mgmt_pending_remove(cmd);
980e1a53
JH		 2796
2797failed:
09fd0de5 2798 hci_dev_unlock(hdev);
980e1a53
JH		 2799 return err;
2800}
2801
04124681
GP		 2802static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2803 u16 len)
17fa4b9d 2804{
650f726d 2805 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2806
2807 BT_DBG("");
2808
4ec86d4c
JH		 2809 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2810 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2811 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2812
09fd0de5 2813 hci_dev_lock(hdev);
17fa4b9d
JH		 2814
2815 hdev->io_capability = cp->io_capability;
2816
2817 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2818 hdev->io_capability);
17fa4b9d 2819
09fd0de5 2820 hci_dev_unlock(hdev);
17fa4b9d 2821
04124681
GP		 2822 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2823 0);
17fa4b9d
JH		 2824}
2825
6039aa73 2826static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2827{
2828 struct hci_dev *hdev = conn->hdev;
8035ded4 2829 struct pending_cmd *cmd;
e9a416b5 2830
2e58ef3e 2831 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2832 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2833 continue;
2834
e9a416b5
JH		 2835 if (cmd->user_data != conn)
2836 continue;
2837
2838 return cmd;
2839 }
2840
2841 return NULL;
2842}
2843
2844static void pairing_complete(struct pending_cmd *cmd, u8 status)
2845{
2846 struct mgmt_rp_pair_device rp;
2847 struct hci_conn *conn = cmd->user_data;
2848
61b1a7fb
JH		 2849 bacpy(&rp.addr.bdaddr, &conn->dst);
2850 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2851
aee9b218 2852 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2853 &rp, sizeof(rp));
e9a416b5
JH		 2854
2855 /* So we don't get further callbacks for this connection */
2856 conn->connect_cfm_cb = NULL;
2857 conn->security_cfm_cb = NULL;
2858 conn->disconn_cfm_cb = NULL;
2859
76a68ba0 2860 hci_conn_drop(conn);
e9a416b5 2861
a664b5bc 2862 mgmt_pending_remove(cmd);
e9a416b5
JH		 2863}
2864
f4a407be
JH		 2865void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2866{
2867 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2868 struct pending_cmd *cmd;
2869
2870 cmd = find_pairing(conn);
2871 if (cmd)
2872 pairing_complete(cmd, status);
2873}
2874
e9a416b5
JH		 2875static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2876{
2877 struct pending_cmd *cmd;
2878
2879 BT_DBG("status %u", status);
2880
2881 cmd = find_pairing(conn);
56e5cb86 2882 if (!cmd)
e9a416b5 2883 BT_DBG("Unable to find a pending command");
56e5cb86 2884 else
e211326c 2885 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2886}
2887
f4a407be 2888static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2889{
2890 struct pending_cmd *cmd;
2891
2892 BT_DBG("status %u", status);
2893
2894 if (!status)
2895 return;
2896
2897 cmd = find_pairing(conn);
2898 if (!cmd)
2899 BT_DBG("Unable to find a pending command");
2900 else
2901 pairing_complete(cmd, mgmt_status(status));
2902}
2903
bdb6d971 2904static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2905 u16 len)
e9a416b5 2906{
650f726d 2907 struct mgmt_cp_pair_device *cp = data;
1425acb7 2908 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2909 struct pending_cmd *cmd;
2910 u8 sec_level, auth_type;
2911 struct hci_conn *conn;
e9a416b5
JH		 2912 int err;
2913
2914 BT_DBG("");
2915
f950a30e
SJ		 2916 memset(&rp, 0, sizeof(rp));
2917 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2918 rp.addr.type = cp->addr.type;
2919
4ee71b20
JH		 2920 if (!bdaddr_type_is_valid(cp->addr.type))
2921 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2922 MGMT_STATUS_INVALID_PARAMS,
2923 &rp, sizeof(rp));
2924
4ec86d4c
JH		 2925 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2926 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2927 MGMT_STATUS_INVALID_PARAMS,
2928 &rp, sizeof(rp));
2929
09fd0de5 2930 hci_dev_lock(hdev);
e9a416b5 2931
5f97c1df 2932 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2933 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2934 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2935 goto unlock;
2936 }
2937
c908df36 2938 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2939 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2940
6f77d8c7 2941 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2942 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2943 auth_type);
6f77d8c7
AG		 2944 } else {
2945 u8 addr_type;
2946
2947 /* Convert from L2CAP channel address type to HCI address type
2948 */
2949 if (cp->addr.type == BDADDR_LE_PUBLIC)
2950 addr_type = ADDR_LE_DEV_PUBLIC;
2951 else
2952 addr_type = ADDR_LE_DEV_RANDOM;
2953
7c264b10
MH		 2954 /* When pairing a new device, it is expected to remember
2955 * this device for future connections. Adding the connection
2956 * parameter information ahead of time allows tracking
2957 * of the slave preferred values and will speed up any
2958 * further connection establishment.
2959 *
2960 * If connection parameters already exist, then they
2961 * will be kept and this function does nothing.
2962 */
2963 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2964
6f77d8c7 2965 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2966 sec_level, auth_type);
6f77d8c7 2967 }
7a512d01 2968
30e76272 2969 if (IS_ERR(conn)) {
489dc48e
AK		 2970 int status;
2971
2972 if (PTR_ERR(conn) == -EBUSY)
2973 status = MGMT_STATUS_BUSY;
2974 else
2975 status = MGMT_STATUS_CONNECT_FAILED;
2976
bdb6d971 2977 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2978 status, &rp,
04124681 2979 sizeof(rp));
e9a416b5
JH		 2980 goto unlock;
2981 }
2982
2983 if (conn->connect_cfm_cb) {
76a68ba0 2984 hci_conn_drop(conn);
bdb6d971 2985 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2986 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2987 goto unlock;
2988 }
2989
2e58ef3e 2990 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2991 if (!cmd) {
2992 err = -ENOMEM;
76a68ba0 2993 hci_conn_drop(conn);
e9a416b5
JH		 2994 goto unlock;
2995 }
2996
7a512d01 2997 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2998 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2999 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3000 conn->security_cfm_cb = pairing_complete_cb;
3001 conn->disconn_cfm_cb = pairing_complete_cb;
3002 } else {
3003 conn->connect_cfm_cb = le_pairing_complete_cb;
3004 conn->security_cfm_cb = le_pairing_complete_cb;
3005 conn->disconn_cfm_cb = le_pairing_complete_cb;
3006 }
7a512d01 3007
e9a416b5
JH		 3008 conn->io_capability = cp->io_cap;
3009 cmd->user_data = conn;
3010
3011 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3012 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3013 pairing_complete(cmd, 0);
3014
3015 err = 0;
3016
3017unlock:
09fd0de5 3018 hci_dev_unlock(hdev);
e9a416b5
JH		 3019 return err;
3020}
3021
04124681
GP		 3022static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3023 u16 len)
28424707 3024{
0f4e68cf 3025 struct mgmt_addr_info *addr = data;
28424707
JH		 3026 struct pending_cmd *cmd;
3027 struct hci_conn *conn;
3028 int err;
3029
3030 BT_DBG("");
3031
28424707
JH		 3032 hci_dev_lock(hdev);
3033
5f97c1df 3034 if (!hdev_is_powered(hdev)) {
bdb6d971 3035 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3036 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3037 goto unlock;
3038 }
3039
28424707
JH		 3040 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3041 if (!cmd) {
bdb6d971 3042 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3043 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3044 goto unlock;
3045 }
3046
3047 conn = cmd->user_data;
3048
3049 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3050 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3051 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3052 goto unlock;
3053 }
3054
3055 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3056
bdb6d971 3057 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3058 addr, sizeof(*addr));
28424707
JH		 3059unlock:
3060 hci_dev_unlock(hdev);
28424707
JH		 3061 return err;
3062}
3063
bdb6d971 3064static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3065 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3066 u16 hci_op, __le32 passkey)
a5c29683 3067{
a5c29683 3068 struct pending_cmd *cmd;
0df4c185 3069 struct hci_conn *conn;
a5c29683
JH		 3070 int err;
3071
09fd0de5 3072 hci_dev_lock(hdev);
08ba5382 3073
4b34ee78 3074 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3075 err = cmd_complete(sk, hdev->id, mgmt_op,
3076 MGMT_STATUS_NOT_POWERED, addr,
3077 sizeof(*addr));
0df4c185 3078 goto done;
a5c29683
JH		 3079 }
3080
1707c60e
JH		 3081 if (addr->type == BDADDR_BREDR)
3082 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3083 else
1707c60e 3084 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3085
3086 if (!conn) {
feb94d3d
JH		 3087 err = cmd_complete(sk, hdev->id, mgmt_op,
3088 MGMT_STATUS_NOT_CONNECTED, addr,
3089 sizeof(*addr));
272d90df
JH		 3090 goto done;
3091 }
47c15e2b 3092
1707c60e 3093 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3094 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3095 if (!err)
feb94d3d
JH		 3096 err = cmd_complete(sk, hdev->id, mgmt_op,
3097 MGMT_STATUS_SUCCESS, addr,
3098 sizeof(*addr));
5fe57d9e 3099 else
feb94d3d
JH		 3100 err = cmd_complete(sk, hdev->id, mgmt_op,
3101 MGMT_STATUS_FAILED, addr,
3102 sizeof(*addr));
47c15e2b 3103
47c15e2b
BG		 3104 goto done;
3105 }
3106
1707c60e 3107 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3108 if (!cmd) {
3109 err = -ENOMEM;
0df4c185 3110 goto done;
a5c29683
JH		 3111 }
3112
0df4c185 3113 /* Continue with pairing via HCI */
604086b7
BG		 3114 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3115 struct hci_cp_user_passkey_reply cp;
3116
1707c60e 3117 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3118 cp.passkey = passkey;
3119 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3120 } else
1707c60e
JH		 3121 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3122 &addr->bdaddr);
604086b7 3123
a664b5bc
JH		 3124 if (err < 0)
3125 mgmt_pending_remove(cmd);
a5c29683 3126
0df4c185 3127done:
09fd0de5 3128 hci_dev_unlock(hdev);
a5c29683
JH		 3129 return err;
3130}
3131
afeb019d
JK		 3132static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3133 void *data, u16 len)
3134{
3135 struct mgmt_cp_pin_code_neg_reply *cp = data;
3136
3137 BT_DBG("");
3138
1707c60e 3139 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3140 MGMT_OP_PIN_CODE_NEG_REPLY,
3141 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3142}
3143
04124681
GP		 3144static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3145 u16 len)
0df4c185 3146{
650f726d 3147 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3148
3149 BT_DBG("");
3150
3151 if (len != sizeof(*cp))
bdb6d971 3152 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3153 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3154
1707c60e 3155 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3156 MGMT_OP_USER_CONFIRM_REPLY,
3157 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3158}
3159
bdb6d971 3160static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3161 void *data, u16 len)
0df4c185 3162{
c9c2659f 3163 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3164
3165 BT_DBG("");
3166
1707c60e 3167 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3168 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3169 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3170}
3171
04124681
GP		 3172static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3173 u16 len)
604086b7 3174{
650f726d 3175 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3176
3177 BT_DBG("");
3178
1707c60e 3179 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3180 MGMT_OP_USER_PASSKEY_REPLY,
3181 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3182}
3183
bdb6d971 3184static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3185 void *data, u16 len)
604086b7 3186{
650f726d 3187 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3188
3189 BT_DBG("");
3190
1707c60e 3191 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3192 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3193 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3194}
3195
13928971 3196static void update_name(struct hci_request *req)
2b4bf397 3197{
13928971 3198 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3199 struct hci_cp_write_local_name cp;
3200
13928971 3201 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3202
890ea898 3203 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3204}
3205
13928971
JH		 3206static void set_name_complete(struct hci_dev *hdev, u8 status)
3207{
3208 struct mgmt_cp_set_local_name *cp;
3209 struct pending_cmd *cmd;
3210
3211 BT_DBG("status 0x%02x", status);
3212
3213 hci_dev_lock(hdev);
3214
3215 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3216 if (!cmd)
3217 goto unlock;
3218
3219 cp = cmd->param;
3220
3221 if (status)
3222 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3223 mgmt_status(status));
3224 else
3225 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3226 cp, sizeof(*cp));
3227
3228 mgmt_pending_remove(cmd);
3229
3230unlock:
3231 hci_dev_unlock(hdev);
3232}
3233
bdb6d971 3234static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3235 u16 len)
b312b161 3236{
2b4bf397 3237 struct mgmt_cp_set_local_name *cp = data;
b312b161 3238 struct pending_cmd *cmd;
890ea898 3239 struct hci_request req;
b312b161
JH		 3240 int err;
3241
3242 BT_DBG("");
3243
09fd0de5 3244 hci_dev_lock(hdev);
b312b161 3245
b3f2ca94
JH		 3246 /* If the old values are the same as the new ones just return a
3247 * direct command complete event.
3248 */
3249 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3250 !memcmp(hdev->short_name, cp->short_name,
3251 sizeof(hdev->short_name))) {
3252 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3253 data, len);
3254 goto failed;
3255 }
3256
2b4bf397 3257 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3258
b5235a65 3259 if (!hdev_is_powered(hdev)) {
2b4bf397 3260 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3261
3262 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3263 data, len);
28cc7bde
JH		 3264 if (err < 0)
3265 goto failed;
3266
3267 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3268 sk);
28cc7bde 3269
b5235a65
JH		 3270 goto failed;
3271 }
3272
28cc7bde 3273 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3274 if (!cmd) {
3275 err = -ENOMEM;
3276 goto failed;
3277 }
3278
13928971
JH		 3279 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3280
890ea898 3281 hci_req_init(&req, hdev);
3f985050
JH		 3282
3283 if (lmp_bredr_capable(hdev)) {
3284 update_name(&req);
3285 update_eir(&req);
3286 }
3287
7a5f4990
MH		 3288 /* The name is stored in the scan response data and so
3289 * no need to udpate the advertising data here.
3290 */
3f985050 3291 if (lmp_le_capable(hdev))
7a5f4990 3292 update_scan_rsp_data(&req);
3f985050 3293
13928971 3294 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3295 if (err < 0)
3296 mgmt_pending_remove(cmd);
3297
3298failed:
09fd0de5 3299 hci_dev_unlock(hdev);
b312b161
JH		 3300 return err;
3301}
3302
0f4e68cf 3303static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3304 void *data, u16 data_len)
c35938b2 3305{
c35938b2
SJ		 3306 struct pending_cmd *cmd;
3307 int err;
3308
bdb6d971 3309 BT_DBG("%s", hdev->name);
c35938b2 3310
09fd0de5 3311 hci_dev_lock(hdev);
c35938b2 3312
4b34ee78 3313 if (!hdev_is_powered(hdev)) {
bdb6d971 3314 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3315 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3316 goto unlock;
3317 }
3318
9a1a1996 3319 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3320 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3321 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3322 goto unlock;
3323 }
3324
2e58ef3e 3325 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3326 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3327 MGMT_STATUS_BUSY);
c35938b2
SJ		 3328 goto unlock;
3329 }
3330
2e58ef3e 3331 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3332 if (!cmd) {
3333 err = -ENOMEM;
3334 goto unlock;
3335 }
3336
4d2d2796
MH		 3337 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3338 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3339 0, NULL);
3340 else
3341 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3342
c35938b2
SJ		 3343 if (err < 0)
3344 mgmt_pending_remove(cmd);
3345
3346unlock:
09fd0de5 3347 hci_dev_unlock(hdev);
c35938b2
SJ		 3348 return err;
3349}
3350
bdb6d971 3351static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3352 void *data, u16 len)
2763eda6 3353{
2763eda6
SJ		 3354 int err;
3355
bdb6d971 3356 BT_DBG("%s ", hdev->name);
2763eda6 3357
09fd0de5 3358 hci_dev_lock(hdev);
2763eda6 3359
ec109113
MH		 3360 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3361 struct mgmt_cp_add_remote_oob_data *cp = data;
3362 u8 status;
bf1e3541 3363
ec109113
MH		 3364 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3365 cp->hash, cp->randomizer);
3366 if (err < 0)
3367 status = MGMT_STATUS_FAILED;
3368 else
3369 status = MGMT_STATUS_SUCCESS;
3370
3371 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3372 status, &cp->addr, sizeof(cp->addr));
3373 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3374 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3375 u8 status;
3376
3377 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3378 cp->hash192,
3379 cp->randomizer192,
3380 cp->hash256,
3381 cp->randomizer256);
3382 if (err < 0)
3383 status = MGMT_STATUS_FAILED;
3384 else
3385 status = MGMT_STATUS_SUCCESS;
3386
3387 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3388 status, &cp->addr, sizeof(cp->addr));
3389 } else {
3390 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3391 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3392 MGMT_STATUS_INVALID_PARAMS);
3393 }
2763eda6 3394
09fd0de5 3395 hci_dev_unlock(hdev);
2763eda6
SJ		 3396 return err;
3397}
3398
bdb6d971 3399static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3400 void *data, u16 len)
2763eda6 3401{
650f726d 3402 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3403 u8 status;
2763eda6
SJ		 3404 int err;
3405
bdb6d971 3406 BT_DBG("%s", hdev->name);
2763eda6 3407
09fd0de5 3408 hci_dev_lock(hdev);
2763eda6 3409
664ce4cc 3410 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3411 if (err < 0)
bf1e3541 3412 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3413 else
a6785be2 3414 status = MGMT_STATUS_SUCCESS;
bf1e3541 3415
bdb6d971 3416 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3417 status, &cp->addr, sizeof(cp->addr));
2763eda6 3418
09fd0de5 3419 hci_dev_unlock(hdev);
2763eda6
SJ		 3420 return err;
3421}
3422
41dc2bd6
AG		 3423static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3424{
3425 struct pending_cmd *cmd;
3426 u8 type;
3427 int err;
3428
3429 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3430
3431 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3432 if (!cmd)
3433 return -ENOENT;
3434
3435 type = hdev->discovery.type;
3436
3437 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3438 &type, sizeof(type));
3439 mgmt_pending_remove(cmd);
3440
3441 return err;
3442}
3443
7c307720
AG		 3444static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3445{
ae55f598
LR		 3446 unsigned long timeout = 0;
3447
7c307720
AG		 3448 BT_DBG("status %d", status);
3449
3450 if (status) {
3451 hci_dev_lock(hdev);
3452 mgmt_start_discovery_failed(hdev, status);
3453 hci_dev_unlock(hdev);
3454 return;
3455 }
3456
3457 hci_dev_lock(hdev);
3458 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3459 hci_dev_unlock(hdev);
3460
3461 switch (hdev->discovery.type) {
3462 case DISCOV_TYPE_LE:
3d5a76f0 3463 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3464 break;
3465
3466 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3467 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3468 break;
3469
3470 case DISCOV_TYPE_BREDR:
3471 break;
3472
3473 default:
3474 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3475 }
ae55f598
LR		 3476
3477 if (!timeout)
3478 return;
3479
3480 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3481}
3482
bdb6d971 3483static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3484 void *data, u16 len)
14a53664 3485{
650f726d 3486 struct mgmt_cp_start_discovery *cp = data;
14a53664 3487 struct pending_cmd *cmd;
7c307720
AG		 3488 struct hci_cp_le_set_scan_param param_cp;
3489 struct hci_cp_le_set_scan_enable enable_cp;
3490 struct hci_cp_inquiry inq_cp;
3491 struct hci_request req;
3492 /* General inquiry access code (GIAC) */
3493 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3494 u8 status, own_addr_type;
14a53664
JH		 3495 int err;
3496
bdb6d971 3497 BT_DBG("%s", hdev->name);
14a53664 3498
09fd0de5 3499 hci_dev_lock(hdev);
14a53664 3500
4b34ee78 3501 if (!hdev_is_powered(hdev)) {
bdb6d971 3502 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3503 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3504 goto failed;
3505 }
3506
642be6c7
AG		 3507 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3508 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3509 MGMT_STATUS_BUSY);
3510 goto failed;
3511 }
3512
ff9ef578 3513 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3514 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3515 MGMT_STATUS_BUSY);
ff9ef578
JH		 3516 goto failed;
3517 }
3518
2e58ef3e 3519 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3520 if (!cmd) {
3521 err = -ENOMEM;
3522 goto failed;
3523 }
3524
4aab14e5
AG		 3525 hdev->discovery.type = cp->type;
3526
7c307720
AG		 3527 hci_req_init(&req, hdev);
3528
4aab14e5 3529 switch (hdev->discovery.type) {
f39799f5 3530 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3531 status = mgmt_bredr_support(hdev);
3532 if (status) {
04106755 3533 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3534 status);
04106755
JH		 3535 mgmt_pending_remove(cmd);
3536 goto failed;
3537 }
3538
7c307720
AG		 3539 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3540 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3541 MGMT_STATUS_BUSY);
3542 mgmt_pending_remove(cmd);
3543 goto failed;
3544 }
3545
3546 hci_inquiry_cache_flush(hdev);
3547
3548 memset(&inq_cp, 0, sizeof(inq_cp));
3549 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3550 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3551 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3552 break;
3553
3554 case DISCOV_TYPE_LE:
7c307720 3555 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3556 status = mgmt_le_support(hdev);
3557 if (status) {
04106755 3558 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3559 status);
04106755
JH		 3560 mgmt_pending_remove(cmd);
3561 goto failed;
3562 }
3563
7c307720 3564 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3565 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3566 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3567 MGMT_STATUS_NOT_SUPPORTED);
3568 mgmt_pending_remove(cmd);
3569 goto failed;
3570 }
3571
f3d3444a 3572 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3573 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3574 MGMT_STATUS_REJECTED);
3575 mgmt_pending_remove(cmd);
3576 goto failed;
3577 }
3578
c54c3860
AG		 3579 /* If controller is scanning, it means the background scanning
3580 * is running. Thus, we should temporarily stop it in order to
3581 * set the discovery scanning parameters.
3582 */
3583 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3584 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3585
3586 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3587
94b1fc92
MH		 3588 /* All active scans will be done with either a resolvable
3589 * private address (when privacy feature has been enabled)
3590 * or unresolvable private address.
3591 */
3592 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3593 if (err < 0) {
3594 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3595 MGMT_STATUS_FAILED);
3596 mgmt_pending_remove(cmd);
3597 goto failed;
3598 }
3599
7c307720 3600 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3601 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3602 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3603 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3604 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3605 &param_cp);
3606
3607 memset(&enable_cp, 0, sizeof(enable_cp));
3608 enable_cp.enable = LE_SCAN_ENABLE;
3609 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3610 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3611 &enable_cp);
5e0452c0
AG		 3612 break;
3613
f39799f5 3614 default:
04106755
JH		 3615 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3616 MGMT_STATUS_INVALID_PARAMS);
3617 mgmt_pending_remove(cmd);
3618 goto failed;
f39799f5 3619 }
3fd24153 3620
7c307720 3621 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3622 if (err < 0)
3623 mgmt_pending_remove(cmd);
ff9ef578
JH		 3624 else
3625 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3626
3627failed:
09fd0de5 3628 hci_dev_unlock(hdev);
14a53664
JH		 3629 return err;
3630}
3631
1183fdca
AG		 3632static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3633{
3634 struct pending_cmd *cmd;
3635 int err;
3636
3637 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3638 if (!cmd)
3639 return -ENOENT;
3640
3641 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3642 &hdev->discovery.type, sizeof(hdev->discovery.type));
3643 mgmt_pending_remove(cmd);
3644
3645 return err;
3646}
3647
0e05bba6
AG		 3648static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3649{
3650 BT_DBG("status %d", status);
3651
3652 hci_dev_lock(hdev);
3653
3654 if (status) {
3655 mgmt_stop_discovery_failed(hdev, status);
3656 goto unlock;
3657 }
3658
3659 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3660
3661unlock:
3662 hci_dev_unlock(hdev);
3663}
3664
bdb6d971 3665static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3666 u16 len)
14a53664 3667{
d930650b 3668 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3669 struct pending_cmd *cmd;
0e05bba6 3670 struct hci_request req;
14a53664
JH		 3671 int err;
3672
bdb6d971 3673 BT_DBG("%s", hdev->name);
14a53664 3674
09fd0de5 3675 hci_dev_lock(hdev);
14a53664 3676
30dc78e1 3677 if (!hci_discovery_active(hdev)) {
bdb6d971 3678 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3679 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3680 sizeof(mgmt_cp->type));
d930650b
JH		 3681 goto unlock;
3682 }
3683
3684 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3685 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3686 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3687 sizeof(mgmt_cp->type));
30dc78e1 3688 goto unlock;
ff9ef578
JH		 3689 }
3690
2e58ef3e 3691 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3692 if (!cmd) {
3693 err = -ENOMEM;
30dc78e1
JH		 3694 goto unlock;
3695 }
3696
0e05bba6
AG		 3697 hci_req_init(&req, hdev);
3698
21a60d30 3699 hci_stop_discovery(&req);
e0d9727e 3700
21a60d30
JH		 3701 err = hci_req_run(&req, stop_discovery_complete);
3702 if (!err) {
3703 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3704 goto unlock;
14a53664
JH		 3705 }
3706
21a60d30
JH		 3707 mgmt_pending_remove(cmd);
3708
3709 /* If no HCI commands were sent we're done */
3710 if (err == -ENODATA) {
3711 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3712 &mgmt_cp->type, sizeof(mgmt_cp->type));
3713 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3714 }
14a53664 3715
30dc78e1 3716unlock:
09fd0de5 3717 hci_dev_unlock(hdev);
14a53664
JH		 3718 return err;
3719}
3720
bdb6d971 3721static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3722 u16 len)
561aafbc 3723{
650f726d 3724 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3725 struct inquiry_entry *e;
561aafbc
JH		 3726 int err;
3727
bdb6d971 3728 BT_DBG("%s", hdev->name);
561aafbc 3729
561aafbc
JH		 3730 hci_dev_lock(hdev);
3731
30dc78e1 3732 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3733 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3734 MGMT_STATUS_FAILED, &cp->addr,
3735 sizeof(cp->addr));
30dc78e1
JH		 3736 goto failed;
3737 }
3738
a198e7b1 3739 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3740 if (!e) {
d3a2541d
LR		 3741 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3742 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3743 sizeof(cp->addr));
561aafbc
JH		 3744 goto failed;
3745 }
3746
3747 if (cp->name_known) {
3748 e->name_state = NAME_KNOWN;
3749 list_del(&e->list);
3750 } else {
3751 e->name_state = NAME_NEEDED;
a3d4e20a 3752 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3753 }
3754
e384662b
JH		 3755 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3756 sizeof(cp->addr));
561aafbc
JH		 3757
3758failed:
3759 hci_dev_unlock(hdev);
561aafbc
JH		 3760 return err;
3761}
3762
bdb6d971 3763static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3764 u16 len)
7fbec224 3765{
650f726d 3766 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3767 u8 status;
7fbec224
AJ		 3768 int err;
3769
bdb6d971 3770 BT_DBG("%s", hdev->name);
7fbec224 3771
4ee71b20 3772 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3773 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3774 MGMT_STATUS_INVALID_PARAMS,
3775 &cp->addr, sizeof(cp->addr));
4ee71b20 3776
09fd0de5 3777 hci_dev_lock(hdev);
5e762444 3778
88c1fe4b 3779 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3780 if (err < 0) {
f0eeea8b 3781 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3782 goto done;
3783 }
3784
3785 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3786 sk);
3787 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3788
2a8357f2 3789done:
bdb6d971 3790 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3791 &cp->addr, sizeof(cp->addr));
5e762444 3792
09fd0de5 3793 hci_dev_unlock(hdev);
7fbec224
AJ		 3794
3795 return err;
3796}
3797
bdb6d971 3798static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3799 u16 len)
7fbec224 3800{
650f726d 3801 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3802 u8 status;
7fbec224
AJ		 3803 int err;
3804
bdb6d971 3805 BT_DBG("%s", hdev->name);
7fbec224 3806
4ee71b20 3807 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3808 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3809 MGMT_STATUS_INVALID_PARAMS,
3810 &cp->addr, sizeof(cp->addr));
4ee71b20 3811
09fd0de5 3812 hci_dev_lock(hdev);
5e762444 3813
88c1fe4b 3814 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3815 if (err < 0) {
f0eeea8b 3816 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3817 goto done;
3818 }
3819
3820 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3821 sk);
3822 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3823
2a8357f2 3824done:
bdb6d971 3825 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3826 &cp->addr, sizeof(cp->addr));
5e762444 3827
09fd0de5 3828 hci_dev_unlock(hdev);
7fbec224
AJ		 3829
3830 return err;
3831}
3832
cdbaccca
MH		 3833static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3834 u16 len)
3835{
3836 struct mgmt_cp_set_device_id *cp = data;
890ea898 3837 struct hci_request req;
cdbaccca 3838 int err;
c72d4b8a 3839 __u16 source;
cdbaccca
MH		 3840
3841 BT_DBG("%s", hdev->name);
3842
c72d4b8a
SJ		 3843 source = __le16_to_cpu(cp->source);
3844
3845 if (source > 0x0002)
3846 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3847 MGMT_STATUS_INVALID_PARAMS);
3848
cdbaccca
MH		 3849 hci_dev_lock(hdev);
3850
c72d4b8a 3851 hdev->devid_source = source;
cdbaccca
MH		 3852 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3853 hdev->devid_product = __le16_to_cpu(cp->product);
3854 hdev->devid_version = __le16_to_cpu(cp->version);
3855
3856 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3857
890ea898
JH		 3858 hci_req_init(&req, hdev);
3859 update_eir(&req);
3860 hci_req_run(&req, NULL);
cdbaccca
MH		 3861
3862 hci_dev_unlock(hdev);
3863
3864 return err;
3865}
3866
4375f103
JH		 3867static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3868{
3869 struct cmd_lookup match = { NULL, hdev };
3870
3871 if (status) {
3872 u8 mgmt_err = mgmt_status(status);
3873
3874 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3875 cmd_status_rsp, &mgmt_err);
3876 return;
3877 }
3878
3879 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3880 &match);
3881
3882 new_settings(hdev, match.sk);
3883
3884 if (match.sk)
3885 sock_put(match.sk);
3886}
3887
21b5187f
MH		 3888static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3889 u16 len)
4375f103
JH		 3890{
3891 struct mgmt_mode *cp = data;
3892 struct pending_cmd *cmd;
3893 struct hci_request req;
e6fe7986 3894 u8 val, enabled, status;
4375f103
JH		 3895 int err;
3896
3897 BT_DBG("request for %s", hdev->name);
3898
e6fe7986
JH		 3899 status = mgmt_le_support(hdev);
3900 if (status)
4375f103 3901 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3902 status);
4375f103
JH		 3903
3904 if (cp->val != 0x00 && cp->val != 0x01)
3905 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3906 MGMT_STATUS_INVALID_PARAMS);
3907
3908 hci_dev_lock(hdev);
3909
3910 val = !!cp->val;
f3d3444a 3911 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3912
f74ca9b8
JH		 3913 /* The following conditions are ones which mean that we should
3914 * not do any HCI communication but directly send a mgmt
3915 * response to user space (after toggling the flag if
3916 * necessary).
3917 */
3918 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3919 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3920 bool changed = false;
3921
f3d3444a
JH		 3922 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3923 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3924 changed = true;
3925 }
3926
3927 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3928 if (err < 0)
3929 goto unlock;
3930
3931 if (changed)
3932 err = new_settings(hdev, sk);
3933
3934 goto unlock;
3935 }
3936
3937 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3938 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3939 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3940 MGMT_STATUS_BUSY);
3941 goto unlock;
3942 }
3943
3944 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3945 if (!cmd) {
3946 err = -ENOMEM;
3947 goto unlock;
3948 }
3949
3950 hci_req_init(&req, hdev);
3951
bba3aa55
MH		 3952 if (val)
3953 enable_advertising(&req);
3954 else
3955 disable_advertising(&req);
4375f103
JH		 3956
3957 err = hci_req_run(&req, set_advertising_complete);
3958 if (err < 0)
3959 mgmt_pending_remove(cmd);
3960
3961unlock:
3962 hci_dev_unlock(hdev);
3963 return err;
3964}
3965
d13eafce
MH		 3966static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3967 void *data, u16 len)
3968{
3969 struct mgmt_cp_set_static_address *cp = data;
3970 int err;
3971
3972 BT_DBG("%s", hdev->name);
3973
62af4443 3974 if (!lmp_le_capable(hdev))
d13eafce 3975 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3976 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3977
3978 if (hdev_is_powered(hdev))
3979 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3980 MGMT_STATUS_REJECTED);
3981
3982 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3983 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3984 return cmd_status(sk, hdev->id,
3985 MGMT_OP_SET_STATIC_ADDRESS,
3986 MGMT_STATUS_INVALID_PARAMS);
3987
3988 /* Two most significant bits shall be set */
3989 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3990 return cmd_status(sk, hdev->id,
3991 MGMT_OP_SET_STATIC_ADDRESS,
3992 MGMT_STATUS_INVALID_PARAMS);
3993 }
3994
3995 hci_dev_lock(hdev);
3996
3997 bacpy(&hdev->static_addr, &cp->bdaddr);
3998
3999 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4000
4001 hci_dev_unlock(hdev);
4002
4003 return err;
4004}
4005
14b49b9a
MH		 4006static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4007 void *data, u16 len)
4008{
4009 struct mgmt_cp_set_scan_params *cp = data;
4010 __u16 interval, window;
4011 int err;
4012
4013 BT_DBG("%s", hdev->name);
4014
4015 if (!lmp_le_capable(hdev))
4016 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4017 MGMT_STATUS_NOT_SUPPORTED);
4018
4019 interval = __le16_to_cpu(cp->interval);
4020
4021 if (interval < 0x0004 || interval > 0x4000)
4022 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4023 MGMT_STATUS_INVALID_PARAMS);
4024
4025 window = __le16_to_cpu(cp->window);
4026
4027 if (window < 0x0004 || window > 0x4000)
4028 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4029 MGMT_STATUS_INVALID_PARAMS);
4030
899e1075
MH		 4031 if (window > interval)
4032 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4033 MGMT_STATUS_INVALID_PARAMS);
4034
14b49b9a
MH		 4035 hci_dev_lock(hdev);
4036
4037 hdev->le_scan_interval = interval;
4038 hdev->le_scan_window = window;
4039
4040 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4041
dd2ef8e2
AG		 4042 /* If background scan is running, restart it so new parameters are
4043 * loaded.
4044 */
4045 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4046 hdev->discovery.state == DISCOVERY_STOPPED) {
4047 struct hci_request req;
4048
4049 hci_req_init(&req, hdev);
4050
4051 hci_req_add_le_scan_disable(&req);
4052 hci_req_add_le_passive_scan(&req);
4053
4054 hci_req_run(&req, NULL);
4055 }
4056
14b49b9a
MH		 4057 hci_dev_unlock(hdev);
4058
4059 return err;
4060}
4061
33e38b3e
JH		 4062static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4063{
4064 struct pending_cmd *cmd;
4065
4066 BT_DBG("status 0x%02x", status);
4067
4068 hci_dev_lock(hdev);
4069
4070 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4071 if (!cmd)
4072 goto unlock;
4073
4074 if (status) {
4075 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4076 mgmt_status(status));
4077 } else {
1a4d3c4b
JH		 4078 struct mgmt_mode *cp = cmd->param;
4079
4080 if (cp->val)
4081 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4082 else
4083 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4084
33e38b3e
JH		 4085 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4086 new_settings(hdev, cmd->sk);
4087 }
4088
4089 mgmt_pending_remove(cmd);
4090
4091unlock:
4092 hci_dev_unlock(hdev);
4093}
4094
bdb6d971 4095static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4096 void *data, u16 len)
f6422ec6 4097{
650f726d 4098 struct mgmt_mode *cp = data;
33e38b3e
JH		 4099 struct pending_cmd *cmd;
4100 struct hci_request req;
f6422ec6
AJ		 4101 int err;
4102
bdb6d971 4103 BT_DBG("%s", hdev->name);
f6422ec6 4104
56f87901
JH		 4105 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4106 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4107 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4108 MGMT_STATUS_NOT_SUPPORTED);
4109
a7e80f25
JH		 4110 if (cp->val != 0x00 && cp->val != 0x01)
4111 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4112 MGMT_STATUS_INVALID_PARAMS);
4113
5400c044 4114 if (!hdev_is_powered(hdev))
bdb6d971 4115 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4116 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4117
4118 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4119 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4120 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4121
4122 hci_dev_lock(hdev);
4123
05cbf29f
JH		 4124 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4125 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4126 MGMT_STATUS_BUSY);
4127 goto unlock;
4128 }
4129
1a4d3c4b
JH		 4130 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4131 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4132 hdev);
4133 goto unlock;
4134 }
4135
33e38b3e
JH		 4136 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4137 data, len);
4138 if (!cmd) {
4139 err = -ENOMEM;
4140 goto unlock;
f6422ec6
AJ		 4141 }
4142
33e38b3e
JH		 4143 hci_req_init(&req, hdev);
4144
406d7804 4145 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4146
4147 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4148 if (err < 0) {
bdb6d971 4149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4150 MGMT_STATUS_FAILED);
33e38b3e 4151 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4152 }
4153
33e38b3e 4154unlock:
f6422ec6 4155 hci_dev_unlock(hdev);
33e38b3e 4156
f6422ec6
AJ		 4157 return err;
4158}
4159
67e5a7a3
JH		 4160static void set_bredr_scan(struct hci_request *req)
4161{
4162 struct hci_dev *hdev = req->hdev;
4163 u8 scan = 0;
4164
4165 /* Ensure that fast connectable is disabled. This function will
4166 * not do anything if the page scan parameters are already what
4167 * they should be.
4168 */
4169 write_fast_connectable(req, false);
4170
4171 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4172 scan |= SCAN_PAGE;
4173 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4174 scan |= SCAN_INQUIRY;
4175
4176 if (scan)
4177 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4178}
4179
0663ca2a
JH		 4180static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4181{
4182 struct pending_cmd *cmd;
4183
4184 BT_DBG("status 0x%02x", status);
4185
4186 hci_dev_lock(hdev);
4187
4188 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4189 if (!cmd)
4190 goto unlock;
4191
4192 if (status) {
4193 u8 mgmt_err = mgmt_status(status);
4194
4195 /* We need to restore the flag if related HCI commands
4196 * failed.
4197 */
4198 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4199
4200 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4201 } else {
4202 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4203 new_settings(hdev, cmd->sk);
4204 }
4205
4206 mgmt_pending_remove(cmd);
4207
4208unlock:
4209 hci_dev_unlock(hdev);
4210}
4211
4212static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4213{
4214 struct mgmt_mode *cp = data;
4215 struct pending_cmd *cmd;
4216 struct hci_request req;
4217 int err;
4218
4219 BT_DBG("request for %s", hdev->name);
4220
4221 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4222 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4223 MGMT_STATUS_NOT_SUPPORTED);
4224
4225 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4226 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4227 MGMT_STATUS_REJECTED);
4228
4229 if (cp->val != 0x00 && cp->val != 0x01)
4230 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4231 MGMT_STATUS_INVALID_PARAMS);
4232
4233 hci_dev_lock(hdev);
4234
4235 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4236 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4237 goto unlock;
4238 }
4239
4240 if (!hdev_is_powered(hdev)) {
4241 if (!cp->val) {
0663ca2a
JH		 4242 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4243 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4244 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4245 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4246 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4247 }
4248
4249 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4250
4251 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4252 if (err < 0)
4253 goto unlock;
4254
4255 err = new_settings(hdev, sk);
4256 goto unlock;
4257 }
4258
4259 /* Reject disabling when powered on */
4260 if (!cp->val) {
4261 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4262 MGMT_STATUS_REJECTED);
4263 goto unlock;
4264 }
4265
4266 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4267 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4268 MGMT_STATUS_BUSY);
4269 goto unlock;
4270 }
4271
4272 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4273 if (!cmd) {
4274 err = -ENOMEM;
4275 goto unlock;
4276 }
4277
5947f4bc 4278 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4279 * generates the correct flags.
4280 */
4281 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4282
4283 hci_req_init(&req, hdev);
aa8af46e
JH		 4284
4285 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4286 set_bredr_scan(&req);
4287
f14d8f64
MH		 4288 /* Since only the advertising data flags will change, there
4289 * is no need to update the scan response data.
4290 */
5947f4bc 4291 update_adv_data(&req);
aa8af46e 4292
0663ca2a
JH		 4293 err = hci_req_run(&req, set_bredr_complete);
4294 if (err < 0)
4295 mgmt_pending_remove(cmd);
4296
4297unlock:
4298 hci_dev_unlock(hdev);
4299 return err;
4300}
4301
eac83dc6
MH		 4302static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4303 void *data, u16 len)
4304{
4305 struct mgmt_mode *cp = data;
4306 struct pending_cmd *cmd;
0ab04a9c 4307 u8 val, status;
eac83dc6
MH		 4308 int err;
4309
4310 BT_DBG("request for %s", hdev->name);
4311
4312 status = mgmt_bredr_support(hdev);
4313 if (status)
4314 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4315 status);
4316
5afeac14 4317 if (!lmp_sc_capable(hdev) &&
111902f7 4318 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4319 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4320 MGMT_STATUS_NOT_SUPPORTED);
4321
0ab04a9c 4322 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4323 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4324 MGMT_STATUS_INVALID_PARAMS);
4325
4326 hci_dev_lock(hdev);
4327
4328 if (!hdev_is_powered(hdev)) {
4329 bool changed;
4330
0ab04a9c 4331 if (cp->val) {
eac83dc6
MH		 4332 changed = !test_and_set_bit(HCI_SC_ENABLED,
4333 &hdev->dev_flags);
0ab04a9c
MH		 4334 if (cp->val == 0x02)
4335 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4336 else
4337 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4338 } else {
eac83dc6
MH		 4339 changed = test_and_clear_bit(HCI_SC_ENABLED,
4340 &hdev->dev_flags);
0ab04a9c
MH		 4341 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4342 }
eac83dc6
MH		 4343
4344 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4345 if (err < 0)
4346 goto failed;
4347
4348 if (changed)
4349 err = new_settings(hdev, sk);
4350
4351 goto failed;
4352 }
4353
4354 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4355 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4356 MGMT_STATUS_BUSY);
4357 goto failed;
4358 }
4359
0ab04a9c
MH		 4360 val = !!cp->val;
4361
4362 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4363 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4364 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4365 goto failed;
4366 }
4367
4368 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4369 if (!cmd) {
4370 err = -ENOMEM;
4371 goto failed;
4372 }
4373
0ab04a9c 4374 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4375 if (err < 0) {
4376 mgmt_pending_remove(cmd);
4377 goto failed;
4378 }
4379
0ab04a9c
MH		 4380 if (cp->val == 0x02)
4381 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4382 else
4383 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4384
eac83dc6
MH		 4385failed:
4386 hci_dev_unlock(hdev);
4387 return err;
4388}
4389
4e39ac81
MH		 4390static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4391 void *data, u16 len)
4392{
4393 struct mgmt_mode *cp = data;
b9710979 4394 bool changed, use_changed;
4e39ac81
MH		 4395 int err;
4396
4397 BT_DBG("request for %s", hdev->name);
4398
b9710979 4399 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4400 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4401 MGMT_STATUS_INVALID_PARAMS);
4402
4403 hci_dev_lock(hdev);
4404
4405 if (cp->val)
0663b297
JH		 4406 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4407 &hdev->dev_flags);
4e39ac81 4408 else
0663b297
JH		 4409 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4410 &hdev->dev_flags);
4e39ac81 4411
b9710979
JH		 4412 if (cp->val == 0x02)
4413 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4414 &hdev->dev_flags);
4415 else
4416 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4417 &hdev->dev_flags);
4418
4419 if (hdev_is_powered(hdev) && use_changed &&
4420 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4421 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4422 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4423 sizeof(mode), &mode);
4424 }
4425
4e39ac81
MH		 4426 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4427 if (err < 0)
4428 goto unlock;
4429
4430 if (changed)
4431 err = new_settings(hdev, sk);
4432
4433unlock:
4434 hci_dev_unlock(hdev);
4435 return err;
4436}
4437
62b04cd1
JH		 4438static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4439 u16 len)
4440{
4441 struct mgmt_cp_set_privacy *cp = cp_data;
4442 bool changed;
4443 int err;
4444
4445 BT_DBG("request for %s", hdev->name);
4446
4447 if (!lmp_le_capable(hdev))
4448 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4449 MGMT_STATUS_NOT_SUPPORTED);
4450
4451 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4452 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4453 MGMT_STATUS_INVALID_PARAMS);
4454
4455 if (hdev_is_powered(hdev))
4456 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4457 MGMT_STATUS_REJECTED);
4458
4459 hci_dev_lock(hdev);
4460
c21c0ea0
JH		 4461 /* If user space supports this command it is also expected to
4462 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4463 */
4464 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4465
62b04cd1
JH		 4466 if (cp->privacy) {
4467 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4468 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4469 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4470 } else {
4471 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4472 memset(hdev->irk, 0, sizeof(hdev->irk));
4473 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4474 }
4475
4476 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4477 if (err < 0)
4478 goto unlock;
4479
4480 if (changed)
4481 err = new_settings(hdev, sk);
4482
4483unlock:
4484 hci_dev_unlock(hdev);
4485 return err;
4486}
4487
41edf160
JH		 4488static bool irk_is_valid(struct mgmt_irk_info *irk)
4489{
4490 switch (irk->addr.type) {
4491 case BDADDR_LE_PUBLIC:
4492 return true;
4493
4494 case BDADDR_LE_RANDOM:
4495 /* Two most significant bits shall be set */
4496 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4497 return false;
4498 return true;
4499 }
4500
4501 return false;
4502}
4503
4504static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4505 u16 len)
4506{
4507 struct mgmt_cp_load_irks *cp = cp_data;
4508 u16 irk_count, expected_len;
4509 int i, err;
4510
4511 BT_DBG("request for %s", hdev->name);
4512
4513 if (!lmp_le_capable(hdev))
4514 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4515 MGMT_STATUS_NOT_SUPPORTED);
4516
4517 irk_count = __le16_to_cpu(cp->irk_count);
4518
4519 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4520 if (expected_len != len) {
4521 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4522 expected_len, len);
41edf160
JH		 4523 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4524 MGMT_STATUS_INVALID_PARAMS);
4525 }
4526
4527 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4528
4529 for (i = 0; i < irk_count; i++) {
4530 struct mgmt_irk_info *key = &cp->irks[i];
4531
4532 if (!irk_is_valid(key))
4533 return cmd_status(sk, hdev->id,
4534 MGMT_OP_LOAD_IRKS,
4535 MGMT_STATUS_INVALID_PARAMS);
4536 }
4537
4538 hci_dev_lock(hdev);
4539
4540 hci_smp_irks_clear(hdev);
4541
4542 for (i = 0; i < irk_count; i++) {
4543 struct mgmt_irk_info *irk = &cp->irks[i];
4544 u8 addr_type;
4545
4546 if (irk->addr.type == BDADDR_LE_PUBLIC)
4547 addr_type = ADDR_LE_DEV_PUBLIC;
4548 else
4549 addr_type = ADDR_LE_DEV_RANDOM;
4550
4551 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4552 BDADDR_ANY);
4553 }
4554
4555 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4556
4557 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4558
4559 hci_dev_unlock(hdev);
4560
4561 return err;
4562}
4563
3f706b72
JH		 4564static bool ltk_is_valid(struct mgmt_ltk_info *key)
4565{
4566 if (key->master != 0x00 && key->master != 0x01)
4567 return false;
490cb0b3
MH		 4568
4569 switch (key->addr.type) {
4570 case BDADDR_LE_PUBLIC:
4571 return true;
4572
4573 case BDADDR_LE_RANDOM:
4574 /* Two most significant bits shall be set */
4575 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4576 return false;
4577 return true;
4578 }
4579
4580 return false;
3f706b72
JH		 4581}
4582
bdb6d971 4583static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4584 void *cp_data, u16 len)
346af67b 4585{
346af67b
VCG		 4586 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4587 u16 key_count, expected_len;
715a5bf2 4588 int i, err;
346af67b 4589
cf99ba13
MH		 4590 BT_DBG("request for %s", hdev->name);
4591
4592 if (!lmp_le_capable(hdev))
4593 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4594 MGMT_STATUS_NOT_SUPPORTED);
4595
1f350c87 4596 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4597
4598 expected_len = sizeof(*cp) + key_count *
4599 sizeof(struct mgmt_ltk_info);
4600 if (expected_len != len) {
4601 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4602 expected_len, len);
bdb6d971 4603 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4604 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4605 }
4606
bdb6d971 4607 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4608
54ad6d8a
JH		 4609 for (i = 0; i < key_count; i++) {
4610 struct mgmt_ltk_info *key = &cp->keys[i];
4611
3f706b72 4612 if (!ltk_is_valid(key))
54ad6d8a
JH		 4613 return cmd_status(sk, hdev->id,
4614 MGMT_OP_LOAD_LONG_TERM_KEYS,
4615 MGMT_STATUS_INVALID_PARAMS);
4616 }
4617
346af67b
VCG		 4618 hci_dev_lock(hdev);
4619
4620 hci_smp_ltks_clear(hdev);
4621
4622 for (i = 0; i < key_count; i++) {
4623 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4624 u8 type, addr_type, authenticated;
79d95a19
MH		 4625
4626 if (key->addr.type == BDADDR_LE_PUBLIC)
4627 addr_type = ADDR_LE_DEV_PUBLIC;
4628 else
4629 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4630
4631 if (key->master)
2ceba539 4632 type = SMP_LTK;
346af67b 4633 else
2ceba539 4634 type = SMP_LTK_SLAVE;
346af67b 4635
61b43357
JH		 4636 switch (key->type) {
4637 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4638 authenticated = 0x00;
61b43357
JH		 4639 break;
4640 case MGMT_LTK_AUTHENTICATED:
d7b25450 4641 authenticated = 0x01;
61b43357
JH		 4642 break;
4643 default:
4644 continue;
4645 }
d7b25450 4646
35d70271 4647 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4648 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4649 key->rand);
346af67b
VCG		 4650 }
4651
715a5bf2
JH		 4652 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4653 NULL, 0);
4654
346af67b 4655 hci_dev_unlock(hdev);
346af67b 4656
715a5bf2 4657 return err;
346af67b
VCG		 4658}
4659
dd983808
AK		 4660struct cmd_conn_lookup {
4661 struct hci_conn *conn;
4662 bool valid_tx_power;
4663 u8 mgmt_status;
4664};
4665
4666static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4667{
4668 struct cmd_conn_lookup *match = data;
4669 struct mgmt_cp_get_conn_info *cp;
4670 struct mgmt_rp_get_conn_info rp;
4671 struct hci_conn *conn = cmd->user_data;
4672
4673 if (conn != match->conn)
4674 return;
4675
4676 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4677
4678 memset(&rp, 0, sizeof(rp));
4679 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4680 rp.addr.type = cp->addr.type;
4681
4682 if (!match->mgmt_status) {
4683 rp.rssi = conn->rssi;
4684
eed5daf3 4685 if (match->valid_tx_power) {
dd983808 4686 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4687 rp.max_tx_power = conn->max_tx_power;
4688 } else {
dd983808 4689 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4690 rp.max_tx_power = HCI_TX_POWER_INVALID;
4691 }
dd983808
AK		 4692 }
4693
4694 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4695 match->mgmt_status, &rp, sizeof(rp));
4696
4697 hci_conn_drop(conn);
4698
4699 mgmt_pending_remove(cmd);
4700}
4701
4702static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4703{
4704 struct hci_cp_read_rssi *cp;
4705 struct hci_conn *conn;
4706 struct cmd_conn_lookup match;
4707 u16 handle;
4708
4709 BT_DBG("status 0x%02x", status);
4710
4711 hci_dev_lock(hdev);
4712
4713 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4714 * otherwise we assume it's not valid. At the moment we assume that
4715 * either both or none of current and max values are valid to keep code
4716 * simple.
dd983808
AK		 4717 */
4718 match.valid_tx_power = !status;
4719
4720 /* Commands sent in request are either Read RSSI or Read Transmit Power
4721 * Level so we check which one was last sent to retrieve connection
4722 * handle. Both commands have handle as first parameter so it's safe to
4723 * cast data on the same command struct.
4724 *
4725 * First command sent is always Read RSSI and we fail only if it fails.
4726 * In other case we simply override error to indicate success as we
4727 * already remembered if TX power value is actually valid.
4728 */
4729 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4730 if (!cp) {
4731 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4732 status = 0;
4733 }
4734
4735 if (!cp) {
4736 BT_ERR("invalid sent_cmd in response");
4737 goto unlock;
4738 }
4739
4740 handle = __le16_to_cpu(cp->handle);
4741 conn = hci_conn_hash_lookup_handle(hdev, handle);
4742 if (!conn) {
4743 BT_ERR("unknown handle (%d) in response", handle);
4744 goto unlock;
4745 }
4746
4747 match.conn = conn;
4748 match.mgmt_status = mgmt_status(status);
4749
4750 /* Cache refresh is complete, now reply for mgmt request for given
4751 * connection only.
4752 */
4753 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4754 get_conn_info_complete, &match);
4755
4756unlock:
4757 hci_dev_unlock(hdev);
4758}
4759
4760static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4761 u16 len)
4762{
4763 struct mgmt_cp_get_conn_info *cp = data;
4764 struct mgmt_rp_get_conn_info rp;
4765 struct hci_conn *conn;
4766 unsigned long conn_info_age;
4767 int err = 0;
4768
4769 BT_DBG("%s", hdev->name);
4770
4771 memset(&rp, 0, sizeof(rp));
4772 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4773 rp.addr.type = cp->addr.type;
4774
4775 if (!bdaddr_type_is_valid(cp->addr.type))
4776 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4777 MGMT_STATUS_INVALID_PARAMS,
4778 &rp, sizeof(rp));
4779
4780 hci_dev_lock(hdev);
4781
4782 if (!hdev_is_powered(hdev)) {
4783 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4784 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4785 goto unlock;
4786 }
4787
4788 if (cp->addr.type == BDADDR_BREDR)
4789 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4790 &cp->addr.bdaddr);
4791 else
4792 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4793
4794 if (!conn || conn->state != BT_CONNECTED) {
4795 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4796 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4797 goto unlock;
4798 }
4799
4800 /* To avoid client trying to guess when to poll again for information we
4801 * calculate conn info age as random value between min/max set in hdev.
4802 */
4803 conn_info_age = hdev->conn_info_min_age +
4804 prandom_u32_max(hdev->conn_info_max_age -
4805 hdev->conn_info_min_age);
4806
4807 /* Query controller to refresh cached values if they are too old or were
4808 * never read.
4809 */
f4e2dd53
AK		 4810 if (time_after(jiffies, conn->conn_info_timestamp +
4811 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4812 !conn->conn_info_timestamp) {
4813 struct hci_request req;
4814 struct hci_cp_read_tx_power req_txp_cp;
4815 struct hci_cp_read_rssi req_rssi_cp;
4816 struct pending_cmd *cmd;
4817
4818 hci_req_init(&req, hdev);
4819 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4820 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4821 &req_rssi_cp);
4822
f7faab0c
AK		 4823 /* For LE links TX power does not change thus we don't need to
4824 * query for it once value is known.
4825 */
4826 if (!bdaddr_type_is_le(cp->addr.type) ||
4827 conn->tx_power == HCI_TX_POWER_INVALID) {
4828 req_txp_cp.handle = cpu_to_le16(conn->handle);
4829 req_txp_cp.type = 0x00;
4830 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4831 sizeof(req_txp_cp), &req_txp_cp);
4832 }
dd983808 4833
eed5daf3
AK		 4834 /* Max TX power needs to be read only once per connection */
4835 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4836 req_txp_cp.handle = cpu_to_le16(conn->handle);
4837 req_txp_cp.type = 0x01;
4838 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4839 sizeof(req_txp_cp), &req_txp_cp);
4840 }
4841
dd983808
AK		 4842 err = hci_req_run(&req, conn_info_refresh_complete);
4843 if (err < 0)
4844 goto unlock;
4845
4846 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4847 data, len);
4848 if (!cmd) {
4849 err = -ENOMEM;
4850 goto unlock;
4851 }
4852
4853 hci_conn_hold(conn);
4854 cmd->user_data = conn;
4855
4856 conn->conn_info_timestamp = jiffies;
4857 } else {
4858 /* Cache is valid, just reply with values cached in hci_conn */
4859 rp.rssi = conn->rssi;
4860 rp.tx_power = conn->tx_power;
eed5daf3 4861 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4862
4863 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4864 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4865 }
4866
4867unlock:
4868 hci_dev_unlock(hdev);
4869 return err;
4870}
4871
95868426
JH		 4872static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
4873{
4874 struct mgmt_cp_get_clock_info *cp;
4875 struct mgmt_rp_get_clock_info rp;
4876 struct hci_cp_read_clock *hci_cp;
4877 struct pending_cmd *cmd;
4878 struct hci_conn *conn;
4879
4880 BT_DBG("%s status %u", hdev->name, status);
4881
4882 hci_dev_lock(hdev);
4883
4884 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4885 if (!hci_cp)
4886 goto unlock;
4887
4888 if (hci_cp->which) {
4889 u16 handle = __le16_to_cpu(hci_cp->handle);
4890 conn = hci_conn_hash_lookup_handle(hdev, handle);
4891 } else {
4892 conn = NULL;
4893 }
4894
4895 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
4896 if (!cmd)
4897 goto unlock;
4898
4899 cp = cmd->param;
4900
4901 memset(&rp, 0, sizeof(rp));
4902 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
4903
4904 if (status)
4905 goto send_rsp;
4906
4907 rp.local_clock = cpu_to_le32(hdev->clock);
4908
4909 if (conn) {
4910 rp.piconet_clock = cpu_to_le32(conn->clock);
4911 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4912 }
4913
4914send_rsp:
4915 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
4916 &rp, sizeof(rp));
4917 mgmt_pending_remove(cmd);
4918 if (conn)
4919 hci_conn_drop(conn);
4920
4921unlock:
4922 hci_dev_unlock(hdev);
4923}
4924
4925static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4926 u16 len)
4927{
4928 struct mgmt_cp_get_clock_info *cp = data;
4929 struct mgmt_rp_get_clock_info rp;
4930 struct hci_cp_read_clock hci_cp;
4931 struct pending_cmd *cmd;
4932 struct hci_request req;
4933 struct hci_conn *conn;
4934 int err;
4935
4936 BT_DBG("%s", hdev->name);
4937
4938 memset(&rp, 0, sizeof(rp));
4939 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4940 rp.addr.type = cp->addr.type;
4941
4942 if (cp->addr.type != BDADDR_BREDR)
4943 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4944 MGMT_STATUS_INVALID_PARAMS,
4945 &rp, sizeof(rp));
4946
4947 hci_dev_lock(hdev);
4948
4949 if (!hdev_is_powered(hdev)) {
4950 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4951 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4952 goto unlock;
4953 }
4954
4955 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4956 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4957 &cp->addr.bdaddr);
4958 if (!conn || conn->state != BT_CONNECTED) {
4959 err = cmd_complete(sk, hdev->id,
4960 MGMT_OP_GET_CLOCK_INFO,
4961 MGMT_STATUS_NOT_CONNECTED,
4962 &rp, sizeof(rp));
4963 goto unlock;
4964 }
4965 } else {
4966 conn = NULL;
4967 }
4968
4969 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4970 if (!cmd) {
4971 err = -ENOMEM;
4972 goto unlock;
4973 }
4974
4975 hci_req_init(&req, hdev);
4976
4977 memset(&hci_cp, 0, sizeof(hci_cp));
4978 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4979
4980 if (conn) {
4981 hci_conn_hold(conn);
4982 cmd->user_data = conn;
4983
4984 hci_cp.handle = cpu_to_le16(conn->handle);
4985 hci_cp.which = 0x01; /* Piconet clock */
4986 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4987 }
4988
4989 err = hci_req_run(&req, get_clock_info_complete);
4990 if (err < 0)
4991 mgmt_pending_remove(cmd);
4992
4993unlock:
4994 hci_dev_unlock(hdev);
4995 return err;
4996}
4997
8afef092
MH		 4998static void device_added(struct sock *sk, struct hci_dev *hdev,
4999 bdaddr_t *bdaddr, u8 type, u8 action)
5000{
5001 struct mgmt_ev_device_added ev;
5002
5003 bacpy(&ev.addr.bdaddr, bdaddr);
5004 ev.addr.type = type;
5005 ev.action = action;
5006
5007 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5008}
5009
2faade53
MH		 5010static int add_device(struct sock *sk, struct hci_dev *hdev,
5011 void *data, u16 len)
5012{
5013 struct mgmt_cp_add_device *cp = data;
5014 u8 auto_conn, addr_type;
5015 int err;
5016
5017 BT_DBG("%s", hdev->name);
5018
5019 if (!bdaddr_type_is_le(cp->addr.type) ||
5020 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5021 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5022 MGMT_STATUS_INVALID_PARAMS,
5023 &cp->addr, sizeof(cp->addr));
5024
5025 if (cp->action != 0x00 && cp->action != 0x01)
5026 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5027 MGMT_STATUS_INVALID_PARAMS,
5028 &cp->addr, sizeof(cp->addr));
5029
5030 hci_dev_lock(hdev);
5031
5032 if (cp->addr.type == BDADDR_LE_PUBLIC)
5033 addr_type = ADDR_LE_DEV_PUBLIC;
5034 else
5035 addr_type = ADDR_LE_DEV_RANDOM;
5036
5037 if (cp->action)
5038 auto_conn = HCI_AUTO_CONN_ALWAYS;
5039 else
a3451d27 5040 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5041
bf5b3c8b
MH		 5042 /* If the connection parameters don't exist for this device,
5043 * they will be created and configured with defaults.
5044 */
d06b50ce
MH		 5045 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5046 auto_conn) < 0) {
2faade53
MH		 5047 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5048 MGMT_STATUS_FAILED,
5049 &cp->addr, sizeof(cp->addr));
5050 goto unlock;
5051 }
5052
8afef092
MH		 5053 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5054
2faade53
MH		 5055 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5056 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5057
5058unlock:
5059 hci_dev_unlock(hdev);
5060 return err;
5061}
5062
8afef092
MH		 5063static void device_removed(struct sock *sk, struct hci_dev *hdev,
5064 bdaddr_t *bdaddr, u8 type)
5065{
5066 struct mgmt_ev_device_removed ev;
5067
5068 bacpy(&ev.addr.bdaddr, bdaddr);
5069 ev.addr.type = type;
5070
5071 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5072}
5073
2faade53
MH		 5074static int remove_device(struct sock *sk, struct hci_dev *hdev,
5075 void *data, u16 len)
5076{
5077 struct mgmt_cp_remove_device *cp = data;
5078 int err;
5079
5080 BT_DBG("%s", hdev->name);
5081
5082 hci_dev_lock(hdev);
5083
5084 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5085 struct hci_conn_params *params;
2faade53
MH		 5086 u8 addr_type;
5087
5088 if (!bdaddr_type_is_le(cp->addr.type)) {
5089 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5090 MGMT_STATUS_INVALID_PARAMS,
5091 &cp->addr, sizeof(cp->addr));
5092 goto unlock;
5093 }
5094
5095 if (cp->addr.type == BDADDR_LE_PUBLIC)
5096 addr_type = ADDR_LE_DEV_PUBLIC;
5097 else
5098 addr_type = ADDR_LE_DEV_RANDOM;
5099
c71593dd
JH		 5100 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5101 addr_type);
5102 if (!params) {
5103 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5104 MGMT_STATUS_INVALID_PARAMS,
5105 &cp->addr, sizeof(cp->addr));
5106 goto unlock;
5107 }
5108
5109 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5110 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5111 MGMT_STATUS_INVALID_PARAMS,
5112 &cp->addr, sizeof(cp->addr));
5113 goto unlock;
5114 }
5115
5116 hci_pend_le_conn_del(hdev, &cp->addr.bdaddr, addr_type);
5117 list_del(&params->list);
5118 kfree(params);
8afef092
MH		 5119
5120 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53
MH		 5121 } else {
5122 if (cp->addr.type) {
5123 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5124 MGMT_STATUS_INVALID_PARAMS,
5125 &cp->addr, sizeof(cp->addr));
5126 goto unlock;
5127 }
5128
c71593dd 5129 hci_conn_params_clear_enabled(hdev);
2faade53
MH		 5130 }
5131
5132 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5133 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5134
5135unlock:
5136 hci_dev_unlock(hdev);
5137 return err;
5138}
5139
a26f3dcf
JH		 5140static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5141 u16 len)
5142{
5143 struct mgmt_cp_load_conn_param *cp = data;
5144 u16 param_count, expected_len;
5145 int i;
5146
5147 if (!lmp_le_capable(hdev))
5148 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5149 MGMT_STATUS_NOT_SUPPORTED);
5150
5151 param_count = __le16_to_cpu(cp->param_count);
5152
5153 expected_len = sizeof(*cp) + param_count *
5154 sizeof(struct mgmt_conn_param);
5155 if (expected_len != len) {
5156 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5157 expected_len, len);
5158 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5159 MGMT_STATUS_INVALID_PARAMS);
5160 }
5161
5162 BT_DBG("%s param_count %u", hdev->name, param_count);
5163
5164 hci_dev_lock(hdev);
5165
5166 hci_conn_params_clear_disabled(hdev);
5167
5168 for (i = 0; i < param_count; i++) {
5169 struct mgmt_conn_param *param = &cp->params[i];
5170 struct hci_conn_params *hci_param;
5171 u16 min, max, latency, timeout;
5172 u8 addr_type;
5173
5174 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5175 param->addr.type);
5176
5177 if (param->addr.type == BDADDR_LE_PUBLIC) {
5178 addr_type = ADDR_LE_DEV_PUBLIC;
5179 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5180 addr_type = ADDR_LE_DEV_RANDOM;
5181 } else {
5182 BT_ERR("Ignoring invalid connection parameters");
5183 continue;
5184 }
5185
5186 min = le16_to_cpu(param->min_interval);
5187 max = le16_to_cpu(param->max_interval);
5188 latency = le16_to_cpu(param->latency);
5189 timeout = le16_to_cpu(param->timeout);
5190
5191 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5192 min, max, latency, timeout);
5193
5194 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5195 BT_ERR("Ignoring invalid connection parameters");
5196 continue;
5197 }
5198
5199 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5200 addr_type);
5201 if (!hci_param) {
5202 BT_ERR("Failed to add connection parameters");
5203 continue;
5204 }
5205
5206 hci_param->conn_min_interval = min;
5207 hci_param->conn_max_interval = max;
5208 hci_param->conn_latency = latency;
5209 hci_param->supervision_timeout = timeout;
5210 }
5211
5212 hci_dev_unlock(hdev);
5213
5214 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5215}
5216
2e3c35ea 5217static const struct mgmt_handler {
04124681
GP		 5218 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5219 u16 data_len);
be22b54e
JH		 5220 bool var_len;
5221 size_t data_len;
0f4e68cf
JH		 5222} mgmt_handlers[] = {
5223 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5224 { read_version, false, MGMT_READ_VERSION_SIZE },
5225 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5226 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5227 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5228 { set_powered, false, MGMT_SETTING_SIZE },
5229 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5230 { set_connectable, false, MGMT_SETTING_SIZE },
5231 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5232 { set_pairable, false, MGMT_SETTING_SIZE },
5233 { set_link_security, false, MGMT_SETTING_SIZE },
5234 { set_ssp, false, MGMT_SETTING_SIZE },
5235 { set_hs, false, MGMT_SETTING_SIZE },
5236 { set_le, false, MGMT_SETTING_SIZE },
5237 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5238 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5239 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5240 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5241 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5242 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5243 { disconnect, false, MGMT_DISCONNECT_SIZE },
5244 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5245 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5246 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5247 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5248 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5249 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5250 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5251 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5252 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5253 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5254 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5255 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5256 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5257 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5258 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5259 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5260 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5261 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5262 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5263 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5264 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5265 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5266 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5267 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5268 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5269 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5270 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5271 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5272 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5273 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5274 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5275 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
a26f3dcf 5276 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
0f4e68cf
JH		 5277};
5278
0381101f
JH		 5279int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5280{
650f726d
VCG		 5281 void *buf;
5282 u8 *cp;
0381101f 5283 struct mgmt_hdr *hdr;
4e51eae9 5284 u16 opcode, index, len;
bdb6d971 5285 struct hci_dev *hdev = NULL;
2e3c35ea 5286 const struct mgmt_handler *handler;
0381101f
JH		 5287 int err;
5288
5289 BT_DBG("got %zu bytes", msglen);
5290
5291 if (msglen < sizeof(*hdr))
5292 return -EINVAL;
5293
e63a15ec 5294 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5295 if (!buf)
5296 return -ENOMEM;
5297
5298 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5299 err = -EFAULT;
5300 goto done;
5301 }
5302
650f726d 5303 hdr = buf;
1f350c87
MH		 5304 opcode = __le16_to_cpu(hdr->opcode);
5305 index = __le16_to_cpu(hdr->index);
5306 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5307
5308 if (len != msglen - sizeof(*hdr)) {
5309 err = -EINVAL;
5310 goto done;
5311 }
5312
0f4e68cf 5313 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5314 hdev = hci_dev_get(index);
5315 if (!hdev) {
5316 err = cmd_status(sk, index, opcode,
04124681 5317 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5318 goto done;
5319 }
0736cfa8 5320
cebf4cfd 5321 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4a964404
MH		 5322 test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) ||
5323 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5324 err = cmd_status(sk, index, opcode,
5325 MGMT_STATUS_INVALID_INDEX);
5326 goto done;
5327 }
bdb6d971
JH		 5328 }
5329
0f4e68cf 5330 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5331 mgmt_handlers[opcode].func == NULL) {
0381101f 5332 BT_DBG("Unknown op %u", opcode);
ca69b795 5333 err = cmd_status(sk, index, opcode,
04124681 5334 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5335 goto done;
5336 }
5337
5338 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 5339 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 5340 err = cmd_status(sk, index, opcode,
04124681 5341 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5342 goto done;
0381101f
JH		 5343 }
5344
be22b54e
JH		 5345 handler = &mgmt_handlers[opcode];
5346
5347 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5348 (!handler->var_len && len != handler->data_len)) {
be22b54e 5349 err = cmd_status(sk, index, opcode,
04124681 5350 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5351 goto done;
5352 }
5353
0f4e68cf
JH		 5354 if (hdev)
5355 mgmt_init_hdev(sk, hdev);
5356
5357 cp = buf + sizeof(*hdr);
5358
be22b54e 5359 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5360 if (err < 0)
5361 goto done;
5362
0381101f
JH		 5363 err = msglen;
5364
5365done:
bdb6d971
JH		 5366 if (hdev)
5367 hci_dev_put(hdev);
5368
0381101f
JH		 5369 kfree(buf);
5370 return err;
5371}
c71e97bf 5372
bf6b56db 5373void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5374{
1514b892 5375 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5376 return;
bb4b2a9a 5377
0602a8ad
MH		 5378 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5379 return;
5380
5381 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5382 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5383 else
5384 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5385}
5386
bf6b56db 5387void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5388{
5f159032 5389 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5390
1514b892 5391 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5392 return;
bb4b2a9a 5393
0602a8ad
MH		 5394 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5395 return;
5396
744cf19e 5397 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5398
edd3896b
MH		 5399 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5400 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5401 else
5402 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5403}
5404
6046dc3e
AG		 5405/* This function requires the caller holds hdev->lock */
5406static void restart_le_auto_conns(struct hci_dev *hdev)
5407{
5408 struct hci_conn_params *p;
c83ed19d 5409 bool added = false;
6046dc3e
AG		 5410
5411 list_for_each_entry(p, &hdev->le_conn_params, list) {
c83ed19d 5412 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS) {
6046dc3e 5413 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
c83ed19d
MH		 5414 added = true;
5415 }
6046dc3e 5416 }
c83ed19d
MH		 5417
5418 /* Calling hci_pend_le_conn_add will actually already trigger
5419 * background scanning when needed. So no need to trigger it
5420 * just another time.
5421 *
5422 * This check is here to avoid an unneeded restart of the
5423 * passive scanning. Since this is during the controller
5424 * power up phase the duplicate filtering is not an issue.
5425 */
5426 if (added)
5427 return;
5428
5429 hci_update_background_scan(hdev);
6046dc3e
AG		 5430}
5431
229ab39c
JH		 5432static void powered_complete(struct hci_dev *hdev, u8 status)
5433{
5434 struct cmd_lookup match = { NULL, hdev };
5435
5436 BT_DBG("status 0x%02x", status);
5437
5438 hci_dev_lock(hdev);
5439
6046dc3e
AG		 5440 restart_le_auto_conns(hdev);
5441
229ab39c
JH		 5442 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5443
5444 new_settings(hdev, match.sk);
5445
5446 hci_dev_unlock(hdev);
5447
5448 if (match.sk)
5449 sock_put(match.sk);
5450}
5451
70da6243 5452static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5453{
890ea898 5454 struct hci_request req;
70da6243 5455 u8 link_sec;
5add6af8 5456
890ea898
JH		 5457 hci_req_init(&req, hdev);
5458
70da6243
JH		 5459 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5460 !lmp_host_ssp_capable(hdev)) {
5461 u8 ssp = 1;
5e5282bb 5462
890ea898 5463 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5464 }
5add6af8 5465
c73eee91
JH		 5466 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5467 lmp_bredr_capable(hdev)) {
70da6243 5468 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5469
70da6243
JH		 5470 cp.le = 1;
5471 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5472
70da6243
JH		 5473 /* Check first if we already have the right
5474 * host state (host features set)
5475 */
5476 if (cp.le != lmp_host_le_capable(hdev) ||
5477 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5478 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5479 sizeof(cp), &cp);
70da6243 5480 }
3d1cbdd6 5481
d13eafce 5482 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5483 /* Make sure the controller has a good default for
5484 * advertising data. This also applies to the case
5485 * where BR/EDR was toggled during the AUTO_OFF phase.
5486 */
f14d8f64 5487 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5488 update_adv_data(&req);
f14d8f64
MH		 5489 update_scan_rsp_data(&req);
5490 }
441ad2d0 5491
bba3aa55
MH		 5492 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5493 enable_advertising(&req);
eeca6f89
JH		 5494 }
5495
70da6243
JH		 5496 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5497 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5498 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5499 sizeof(link_sec), &link_sec);
562fcc24 5500
70da6243 5501 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5502 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5503 set_bredr_scan(&req);
890ea898 5504 update_class(&req);
13928971 5505 update_name(&req);
890ea898 5506 update_eir(&req);
70da6243 5507 }
562fcc24 5508
229ab39c 5509 return hci_req_run(&req, powered_complete);
70da6243 5510}
562fcc24 5511
70da6243
JH		 5512int mgmt_powered(struct hci_dev *hdev, u8 powered)
5513{
5514 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5515 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5516 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5517 int err;
f0ff92fb 5518
70da6243
JH		 5519 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5520 return 0;
5521
70da6243 5522 if (powered) {
229ab39c
JH		 5523 if (powered_update_hci(hdev) == 0)
5524 return 0;
fe038884 5525
229ab39c
JH		 5526 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5527 &match);
5528 goto new_settings;
b24752fe
JH		 5529 }
5530
229ab39c
JH		 5531 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5532 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5533
5534 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5535 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5536 zero_cod, sizeof(zero_cod), NULL);
5537
5538new_settings:
beadb2bd 5539 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5540
5541 if (match.sk)
5542 sock_put(match.sk);
5543
7bb895d6 5544 return err;
5add6af8 5545}
73f22f62 5546
3eec705e 5547void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5548{
5549 struct pending_cmd *cmd;
5550 u8 status;
5551
5552 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5553 if (!cmd)
3eec705e 5554 return;
96570ffc
JH		 5555
5556 if (err == -ERFKILL)
5557 status = MGMT_STATUS_RFKILLED;
5558 else
5559 status = MGMT_STATUS_FAILED;
5560
3eec705e 5561 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5562
5563 mgmt_pending_remove(cmd);
96570ffc
JH		 5564}
5565
d1967ff8
MH		 5566void mgmt_discoverable_timeout(struct hci_dev *hdev)
5567{
5568 struct hci_request req;
d1967ff8
MH		 5569
5570 hci_dev_lock(hdev);
5571
5572 /* When discoverable timeout triggers, then just make sure
5573 * the limited discoverable flag is cleared. Even in the case
5574 * of a timeout triggered from general discoverable, it is
5575 * safe to unconditionally clear the flag.
5576 */
5577 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5578 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5579
5580 hci_req_init(&req, hdev);
4b580614
JH		 5581 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5582 u8 scan = SCAN_PAGE;
5583 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5584 sizeof(scan), &scan);
5585 }
d1967ff8 5586 update_class(&req);
9a43e25f 5587 update_adv_data(&req);
d1967ff8
MH		 5588 hci_req_run(&req, NULL);
5589
5590 hdev->discov_timeout = 0;
5591
9a43e25f
JH		 5592 new_settings(hdev, NULL);
5593
d1967ff8
MH		 5594 hci_dev_unlock(hdev);
5595}
5596
86a75645 5597void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5598{
86a75645 5599 bool changed;
73f22f62 5600
bfaf8c9f
JH		 5601 /* Nothing needed here if there's a pending command since that
5602 * commands request completion callback takes care of everything
5603 * necessary.
5604 */
5605 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5606 return;
bfaf8c9f 5607
bd107999
JH		 5608 /* Powering off may clear the scan mode - don't let that interfere */
5609 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5610 return;
5611
9a43e25f 5612 if (discoverable) {
86a75645 5613 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5614 } else {
5615 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5616 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5617 }
5618
5619 if (changed) {
5620 struct hci_request req;
5621
5622 /* In case this change in discoverable was triggered by
5623 * a disabling of connectable there could be a need to
5624 * update the advertising flags.
5625 */
5626 hci_req_init(&req, hdev);
5627 update_adv_data(&req);
5628 hci_req_run(&req, NULL);
73f22f62 5629
86a75645 5630 new_settings(hdev, NULL);
9a43e25f 5631 }
73f22f62 5632}
9fbcbb45 5633
a330916c 5634void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5635{
a330916c 5636 bool changed;
9fbcbb45 5637
d7b856f9
JH		 5638 /* Nothing needed here if there's a pending command since that
5639 * commands request completion callback takes care of everything
5640 * necessary.
5641 */
5642 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5643 return;
d7b856f9 5644
ce3f24cf
JH		 5645 /* Powering off may clear the scan mode - don't let that interfere */
5646 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5647 return;
5648
a330916c
MH		 5649 if (connectable)
5650 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5651 else
5652 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5653
beadb2bd 5654 if (changed)
a330916c 5655 new_settings(hdev, NULL);
9fbcbb45 5656}
55ed8ca1 5657
778b235a
JH		 5658void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5659{
7c4cfab8
JH		 5660 /* Powering off may stop advertising - don't let that interfere */
5661 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5662 return;
5663
778b235a
JH		 5664 if (advertising)
5665 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5666 else
5667 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5668}
5669
4796e8af 5670void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5671{
ca69b795
JH		 5672 u8 mgmt_err = mgmt_status(status);
5673
2d7cee58 5674 if (scan & SCAN_PAGE)
744cf19e 5675 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5676 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5677
5678 if (scan & SCAN_INQUIRY)
744cf19e 5679 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5680 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5681}
5682
dc4a5ee2
MH		 5683void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5684 bool persistent)
55ed8ca1 5685{
86742e1e 5686 struct mgmt_ev_new_link_key ev;
55ed8ca1 5687
a492cd52 5688 memset(&ev, 0, sizeof(ev));
55ed8ca1 5689
a492cd52 5690 ev.store_hint = persistent;
d753fdc4 5691 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5692 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5693 ev.key.type = key->type;
9b3b4460 5694 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5695 ev.key.pin_len = key->pin_len;
55ed8ca1 5696
dc4a5ee2 5697 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5698}
f7520543 5699
d7b25450
JH		 5700static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5701{
5702 if (ltk->authenticated)
5703 return MGMT_LTK_AUTHENTICATED;
5704
5705 return MGMT_LTK_UNAUTHENTICATED;
5706}
5707
53ac6ab6 5708void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5709{
5710 struct mgmt_ev_new_long_term_key ev;
5711
5712 memset(&ev, 0, sizeof(ev));
5713
5192d301
MH		 5714 /* Devices using resolvable or non-resolvable random addresses
5715 * without providing an indentity resolving key don't require
5716 * to store long term keys. Their addresses will change the
5717 * next time around.
5718 *
5719 * Only when a remote device provides an identity address
5720 * make sure the long term key is stored. If the remote
5721 * identity is known, the long term keys are internally
5722 * mapped to the identity address. So allow static random
5723 * and public addresses here.
5724 */
ba74b666
JH		 5725 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5726 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5727 ev.store_hint = 0x00;
5728 else
53ac6ab6 5729 ev.store_hint = persistent;
ba74b666 5730
346af67b 5731 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5732 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5733 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5734 ev.key.enc_size = key->enc_size;
5735 ev.key.ediv = key->ediv;
fe39c7b2 5736 ev.key.rand = key->rand;
346af67b 5737
2ceba539 5738 if (key->type == SMP_LTK)
346af67b
VCG		 5739 ev.key.master = 1;
5740
346af67b
VCG		 5741 memcpy(ev.key.val, key->val, sizeof(key->val));
5742
083368f7 5743 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5744}
5745
95fbac8a
JH		 5746void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5747{
5748 struct mgmt_ev_new_irk ev;
5749
5750 memset(&ev, 0, sizeof(ev));
5751
bab6d1e5
MH		 5752 /* For identity resolving keys from devices that are already
5753 * using a public address or static random address, do not
5754 * ask for storing this key. The identity resolving key really
5755 * is only mandatory for devices using resovlable random
5756 * addresses.
5757 *
5758 * Storing all identity resolving keys has the downside that
5759 * they will be also loaded on next boot of they system. More
5760 * identity resolving keys, means more time during scanning is
5761 * needed to actually resolve these addresses.
5762 */
5763 if (bacmp(&irk->rpa, BDADDR_ANY))
5764 ev.store_hint = 0x01;
5765 else
5766 ev.store_hint = 0x00;
5767
95fbac8a
JH		 5768 bacpy(&ev.rpa, &irk->rpa);
5769 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5770 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5771 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5772
5773 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5774}
5775
53ac6ab6
MH		 5776void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5777 bool persistent)
7ee4ea36
MH		 5778{
5779 struct mgmt_ev_new_csrk ev;
5780
5781 memset(&ev, 0, sizeof(ev));
5782
5783 /* Devices using resolvable or non-resolvable random addresses
5784 * without providing an indentity resolving key don't require
5785 * to store signature resolving keys. Their addresses will change
5786 * the next time around.
5787 *
5788 * Only when a remote device provides an identity address
5789 * make sure the signature resolving key is stored. So allow
5790 * static random and public addresses here.
5791 */
5792 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5793 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5794 ev.store_hint = 0x00;
5795 else
53ac6ab6 5796 ev.store_hint = persistent;
7ee4ea36
MH		 5797
5798 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5799 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5800 ev.key.master = csrk->master;
5801 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5802
5803 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5804}
5805
ffb5a827 5806void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 5807 u8 bdaddr_type, u8 store_hint, u16 min_interval,
5808 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 5809{
5810 struct mgmt_ev_new_conn_param ev;
5811
c103aea6
JH		 5812 if (!hci_is_identity_address(bdaddr, bdaddr_type))
5813 return;
5814
ffb5a827
AG		 5815 memset(&ev, 0, sizeof(ev));
5816 bacpy(&ev.addr.bdaddr, bdaddr);
5817 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 5818 ev.store_hint = store_hint;
ffb5a827
AG		 5819 ev.min_interval = cpu_to_le16(min_interval);
5820 ev.max_interval = cpu_to_le16(max_interval);
5821 ev.latency = cpu_to_le16(latency);
5822 ev.timeout = cpu_to_le16(timeout);
5823
5824 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
5825}
5826
94933991
MH		 5827static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5828 u8 data_len)
5829{
5830 eir[eir_len++] = sizeof(type) + data_len;
5831 eir[eir_len++] = type;
5832 memcpy(&eir[eir_len], data, data_len);
5833 eir_len += data_len;
5834
5835 return eir_len;
5836}
5837
ecd90ae7
MH		 5838void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5839 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5840 u8 *dev_class)
f7520543 5841{
b644ba33
JH		 5842 char buf[512];
5843 struct mgmt_ev_device_connected *ev = (void *) buf;
5844 u16 eir_len = 0;
f7520543 5845
b644ba33 5846 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5847 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5848
c95f0ba7 5849 ev->flags = __cpu_to_le32(flags);
08c79b61 5850
b644ba33
JH		 5851 if (name_len > 0)
5852 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5853 name, name_len);
b644ba33
JH		 5854
5855 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5856 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5857 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5858
eb55ef07 5859 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5860
ecd90ae7
MH		 5861 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5862 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5863}
5864
8962ee74
JH		 5865static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5866{
c68fb7ff 5867 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5868 struct sock **sk = data;
a38528f1 5869 struct mgmt_rp_disconnect rp;
8962ee74 5870
88c3df13
JH		 5871 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5872 rp.addr.type = cp->addr.type;
8962ee74 5873
aee9b218 5874 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5875 sizeof(rp));
8962ee74
JH		 5876
5877 *sk = cmd->sk;
5878 sock_hold(*sk);
5879
a664b5bc 5880 mgmt_pending_remove(cmd);
8962ee74
JH		 5881}
5882
124f6e35 5883static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5884{
b1078ad0 5885 struct hci_dev *hdev = data;
124f6e35
JH		 5886 struct mgmt_cp_unpair_device *cp = cmd->param;
5887 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5888
5889 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5890 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5891 rp.addr.type = cp->addr.type;
a8a1d19e 5892
b1078ad0
JH		 5893 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5894
aee9b218 5895 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5896
5897 mgmt_pending_remove(cmd);
5898}
5899
9b80ec5e 5900void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5901 u8 link_type, u8 addr_type, u8 reason,
5902 bool mgmt_connected)
f7520543 5903{
f0d6a0ea 5904 struct mgmt_ev_device_disconnected ev;
8b064a3a 5905 struct pending_cmd *power_off;
8962ee74 5906 struct sock *sk = NULL;
8962ee74 5907
8b064a3a
JH		 5908 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5909 if (power_off) {
5910 struct mgmt_mode *cp = power_off->param;
5911
5912 /* The connection is still in hci_conn_hash so test for 1
5913 * instead of 0 to know if this is the last one.
5914 */
a3172b7e
JH		 5915 if (!cp->val && hci_conn_count(hdev) == 1) {
5916 cancel_delayed_work(&hdev->power_off);
8b064a3a 5917 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5918 }
8b064a3a
JH		 5919 }
5920
12d4a3b2
JH		 5921 if (!mgmt_connected)
5922 return;
5923
57eb776f
AG		 5924 if (link_type != ACL_LINK && link_type != LE_LINK)
5925 return;
5926
744cf19e 5927 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5928
f0d6a0ea
MA		 5929 bacpy(&ev.addr.bdaddr, bdaddr);
5930 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5931 ev.reason = reason;
f7520543 5932
9b80ec5e 5933 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5934
5935 if (sk)
d97dcb66 5936 sock_put(sk);
8962ee74 5937
124f6e35 5938 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5939 hdev);
8962ee74
JH		 5940}
5941
7892924c
MH		 5942void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5943 u8 link_type, u8 addr_type, u8 status)
8962ee74 5944{
3655bba8
AG		 5945 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5946 struct mgmt_cp_disconnect *cp;
88c3df13 5947 struct mgmt_rp_disconnect rp;
8962ee74 5948 struct pending_cmd *cmd;
8962ee74 5949
36a75f1b
JD		 5950 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5951 hdev);
5952
2e58ef3e 5953 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5954 if (!cmd)
7892924c 5955 return;
8962ee74 5956
3655bba8
AG		 5957 cp = cmd->param;
5958
5959 if (bacmp(bdaddr, &cp->addr.bdaddr))
5960 return;
5961
5962 if (cp->addr.type != bdaddr_type)
5963 return;
5964
88c3df13 5965 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5966 rp.addr.type = bdaddr_type;
37d9ef76 5967
7892924c
MH		 5968 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5969 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5970
a664b5bc 5971 mgmt_pending_remove(cmd);
f7520543 5972}
17d5c04c 5973
445608d0
MH		 5974void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5975 u8 addr_type, u8 status)
17d5c04c
JH		 5976{
5977 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5978 struct pending_cmd *power_off;
5979
5980 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5981 if (power_off) {
5982 struct mgmt_mode *cp = power_off->param;
5983
5984 /* The connection is still in hci_conn_hash so test for 1
5985 * instead of 0 to know if this is the last one.
5986 */
a3172b7e
JH		 5987 if (!cp->val && hci_conn_count(hdev) == 1) {
5988 cancel_delayed_work(&hdev->power_off);
c9910d0f 5989 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5990 }
c9910d0f 5991 }
17d5c04c 5992
4c659c39 5993 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5994 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5995 ev.status = mgmt_status(status);
17d5c04c 5996
445608d0 5997 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5998}
980e1a53 5999
ce0e4a0d 6000void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6001{
6002 struct mgmt_ev_pin_code_request ev;
6003
d8457698 6004 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6005 ev.addr.type = BDADDR_BREDR;
a770bb5a 6006 ev.secure = secure;
980e1a53 6007
ce0e4a0d 6008 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6009}
6010
e669cf80
MH		 6011void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6012 u8 status)
980e1a53
JH		 6013{
6014 struct pending_cmd *cmd;
ac56fb13 6015 struct mgmt_rp_pin_code_reply rp;
980e1a53 6016
2e58ef3e 6017 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6018 if (!cmd)
e669cf80 6019 return;
980e1a53 6020
d8457698 6021 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6022 rp.addr.type = BDADDR_BREDR;
ac56fb13 6023
e669cf80
MH		 6024 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6025 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6026
a664b5bc 6027 mgmt_pending_remove(cmd);
980e1a53
JH		 6028}
6029
3eb38528
MH		 6030void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6031 u8 status)
980e1a53
JH		 6032{
6033 struct pending_cmd *cmd;
ac56fb13 6034 struct mgmt_rp_pin_code_reply rp;
980e1a53 6035
2e58ef3e 6036 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6037 if (!cmd)
3eb38528 6038 return;
980e1a53 6039
d8457698 6040 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6041 rp.addr.type = BDADDR_BREDR;
ac56fb13 6042
3eb38528
MH		 6043 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6044 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6045
a664b5bc 6046 mgmt_pending_remove(cmd);
980e1a53 6047}
a5c29683 6048
744cf19e 6049int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6050 u8 link_type, u8 addr_type, u32 value,
04124681 6051 u8 confirm_hint)
a5c29683
JH		 6052{
6053 struct mgmt_ev_user_confirm_request ev;
6054
744cf19e 6055 BT_DBG("%s", hdev->name);
a5c29683 6056
272d90df 6057 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6058 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6059 ev.confirm_hint = confirm_hint;
39adbffe 6060 ev.value = cpu_to_le32(value);
a5c29683 6061
744cf19e 6062 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6063 NULL);
a5c29683
JH		 6064}
6065
272d90df 6066int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6067 u8 link_type, u8 addr_type)
604086b7
BG		 6068{
6069 struct mgmt_ev_user_passkey_request ev;
6070
6071 BT_DBG("%s", hdev->name);
6072
272d90df 6073 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6074 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6075
6076 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6077 NULL);
604086b7
BG		 6078}
6079
0df4c185 6080static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6081 u8 link_type, u8 addr_type, u8 status,
6082 u8 opcode)
a5c29683
JH		 6083{
6084 struct pending_cmd *cmd;
6085 struct mgmt_rp_user_confirm_reply rp;
6086 int err;
6087
2e58ef3e 6088 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6089 if (!cmd)
6090 return -ENOENT;
6091
272d90df 6092 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6093 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6094 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6095 &rp, sizeof(rp));
a5c29683 6096
a664b5bc 6097 mgmt_pending_remove(cmd);
a5c29683
JH		 6098
6099 return err;
6100}
6101
744cf19e 6102int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6103 u8 link_type, u8 addr_type, u8 status)
a5c29683 6104{
272d90df 6105 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6106 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6107}
6108
272d90df 6109int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6110 u8 link_type, u8 addr_type, u8 status)
a5c29683 6111{
272d90df 6112 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6113 status,
6114 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6115}
2a611692 6116
604086b7 6117int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6118 u8 link_type, u8 addr_type, u8 status)
604086b7 6119{
272d90df 6120 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6121 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6122}
6123
272d90df 6124int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6125 u8 link_type, u8 addr_type, u8 status)
604086b7 6126{
272d90df 6127 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6128 status,
6129 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6130}
6131
92a25256
JH		 6132int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6133 u8 link_type, u8 addr_type, u32 passkey,
6134 u8 entered)
6135{
6136 struct mgmt_ev_passkey_notify ev;
6137
6138 BT_DBG("%s", hdev->name);
6139
6140 bacpy(&ev.addr.bdaddr, bdaddr);
6141 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6142 ev.passkey = __cpu_to_le32(passkey);
6143 ev.entered = entered;
6144
6145 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6146}
6147
e546099c
MH		 6148void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6149 u8 addr_type, u8 status)
2a611692
JH		 6150{
6151 struct mgmt_ev_auth_failed ev;
6152
bab73cb6 6153 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6154 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6155 ev.status = mgmt_status(status);
2a611692 6156
e546099c 6157 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6158}
b312b161 6159
464996ae 6160void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6161{
6162 struct cmd_lookup match = { NULL, hdev };
464996ae 6163 bool changed;
33ef95ed
JH		 6164
6165 if (status) {
6166 u8 mgmt_err = mgmt_status(status);
6167 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6168 cmd_status_rsp, &mgmt_err);
464996ae 6169 return;
33ef95ed
JH		 6170 }
6171
464996ae
MH		 6172 if (test_bit(HCI_AUTH, &hdev->flags))
6173 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6174 &hdev->dev_flags);
6175 else
6176 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6177 &hdev->dev_flags);
47990ea0 6178
33ef95ed 6179 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6180 &match);
33ef95ed 6181
47990ea0 6182 if (changed)
464996ae 6183 new_settings(hdev, match.sk);
33ef95ed
JH		 6184
6185 if (match.sk)
6186 sock_put(match.sk);
33ef95ed
JH		 6187}
6188
890ea898 6189static void clear_eir(struct hci_request *req)
cacaf52f 6190{
890ea898 6191 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6192 struct hci_cp_write_eir cp;
6193
976eb20e 6194 if (!lmp_ext_inq_capable(hdev))
890ea898 6195 return;
cacaf52f 6196
c80da27e
JH		 6197 memset(hdev->eir, 0, sizeof(hdev->eir));
6198
cacaf52f
JH		 6199 memset(&cp, 0, sizeof(cp));
6200
890ea898 6201 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6202}
6203
3e248560 6204void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6205{
6206 struct cmd_lookup match = { NULL, hdev };
890ea898 6207 struct hci_request req;
c0ecddc2 6208 bool changed = false;
ed2c4ee3
JH		 6209
6210 if (status) {
6211 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6212
6213 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6214 &hdev->dev_flags)) {
6215 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6216 new_settings(hdev, NULL);
9ecb3e24 6217 }
c0ecddc2 6218
04124681
GP		 6219 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6220 &mgmt_err);
3e248560 6221 return;
c0ecddc2
JH		 6222 }
6223
6224 if (enable) {
9ecb3e24 6225 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6226 } else {
9ecb3e24
MH		 6227 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6228 if (!changed)
6229 changed = test_and_clear_bit(HCI_HS_ENABLED,
6230 &hdev->dev_flags);
6231 else
6232 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6233 }
6234
6235 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6236
c0ecddc2 6237 if (changed)
3e248560 6238 new_settings(hdev, match.sk);
ed2c4ee3 6239
5fc6ebb1 6240 if (match.sk)
ed2c4ee3
JH		 6241 sock_put(match.sk);
6242
890ea898
JH		 6243 hci_req_init(&req, hdev);
6244
3769972b
JH		 6245 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6246 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6247 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6248 sizeof(enable), &enable);
890ea898 6249 update_eir(&req);
3769972b 6250 } else {
890ea898 6251 clear_eir(&req);
3769972b 6252 }
890ea898
JH		 6253
6254 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6255}
6256
eac83dc6
MH		 6257void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6258{
6259 struct cmd_lookup match = { NULL, hdev };
6260 bool changed = false;
6261
6262 if (status) {
6263 u8 mgmt_err = mgmt_status(status);
6264
0ab04a9c
MH		 6265 if (enable) {
6266 if (test_and_clear_bit(HCI_SC_ENABLED,
6267 &hdev->dev_flags))
6268 new_settings(hdev, NULL);
6269 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6270 }
eac83dc6
MH		 6271
6272 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6273 cmd_status_rsp, &mgmt_err);
6274 return;
6275 }
6276
0ab04a9c 6277 if (enable) {
eac83dc6 6278 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6279 } else {
eac83dc6 6280 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6281 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6282 }
eac83dc6
MH		 6283
6284 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6285 settings_rsp, &match);
6286
6287 if (changed)
6288 new_settings(hdev, match.sk);
6289
6290 if (match.sk)
6291 sock_put(match.sk);
6292}
6293
92da6097 6294static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6295{
6296 struct cmd_lookup *match = data;
6297
90e70454
JH		 6298 if (match->sk == NULL) {
6299 match->sk = cmd->sk;
6300 sock_hold(match->sk);
6301 }
90e70454
JH		 6302}
6303
4e1b0245
MH		 6304void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6305 u8 status)
7f9a903c 6306{
90e70454 6307 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6308
92da6097
JH		 6309 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6310 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6311 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6312
6313 if (!status)
4e1b0245
MH		 6314 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6315 NULL);
90e70454
JH		 6316
6317 if (match.sk)
6318 sock_put(match.sk);
7f9a903c
MH		 6319}
6320
7667da34 6321void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6322{
b312b161 6323 struct mgmt_cp_set_local_name ev;
13928971 6324 struct pending_cmd *cmd;
28cc7bde 6325
13928971 6326 if (status)
7667da34 6327 return;
b312b161
JH		 6328
6329 memset(&ev, 0, sizeof(ev));
6330 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6331 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6332
2e58ef3e 6333 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6334 if (!cmd) {
6335 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6336
13928971
JH		 6337 /* If this is a HCI command related to powering on the
6338 * HCI dev don't send any mgmt signals.
6339 */
6340 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6341 return;
890ea898 6342 }
b312b161 6343
7667da34
MH		 6344 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6345 cmd ? cmd->sk : NULL);
b312b161 6346}
c35938b2 6347
4d2d2796
MH		 6348void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6349 u8 *randomizer192, u8 *hash256,
6350 u8 *randomizer256, u8 status)
c35938b2
SJ		 6351{
6352 struct pending_cmd *cmd;
c35938b2 6353
744cf19e 6354 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6355
2e58ef3e 6356 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6357 if (!cmd)
3edaf092 6358 return;
c35938b2
SJ		 6359
6360 if (status) {
3edaf092
MH		 6361 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6362 mgmt_status(status));
c35938b2 6363 } else {
4d2d2796
MH		 6364 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6365 hash256 && randomizer256) {
6366 struct mgmt_rp_read_local_oob_ext_data rp;
6367
6368 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6369 memcpy(rp.randomizer192, randomizer192,
6370 sizeof(rp.randomizer192));
c35938b2 6371
4d2d2796
MH		 6372 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6373 memcpy(rp.randomizer256, randomizer256,
6374 sizeof(rp.randomizer256));
c35938b2 6375
4d2d2796
MH		 6376 cmd_complete(cmd->sk, hdev->id,
6377 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6378 &rp, sizeof(rp));
6379 } else {
6380 struct mgmt_rp_read_local_oob_data rp;
6381
6382 memcpy(rp.hash, hash192, sizeof(rp.hash));
6383 memcpy(rp.randomizer, randomizer192,
6384 sizeof(rp.randomizer));
6385
6386 cmd_complete(cmd->sk, hdev->id,
6387 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6388 &rp, sizeof(rp));
6389 }
c35938b2
SJ		 6390 }
6391
6392 mgmt_pending_remove(cmd);
c35938b2 6393}
e17acd40 6394
901801b9 6395void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6396 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6397 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6398{
e319d2e7
JH		 6399 char buf[512];
6400 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6401 struct smp_irk *irk;
1dc06093 6402 size_t ev_size;
e17acd40 6403
12602d0c 6404 if (!hci_discovery_active(hdev))
901801b9 6405 return;
12602d0c 6406
5d2e9fad
JH		 6407 /* Make sure that the buffer is big enough. The 5 extra bytes
6408 * are for the potential CoD field.
6409 */
6410 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6411 return;
7d262f86 6412
1dc06093
JH		 6413 memset(buf, 0, sizeof(buf));
6414
5cedbb8d
JH		 6415 irk = hci_get_irk(hdev, bdaddr, addr_type);
6416 if (irk) {
6417 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6418 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6419 } else {
6420 bacpy(&ev->addr.bdaddr, bdaddr);
6421 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6422 }
6423
e319d2e7 6424 ev->rssi = rssi;
af58925c 6425 ev->flags = cpu_to_le32(flags);
e17acd40 6426
1dc06093 6427 if (eir_len > 0)
e319d2e7 6428 memcpy(ev->eir, eir, eir_len);
e17acd40 6429
1dc06093
JH		 6430 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6431 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6432 dev_class, 3);
1dc06093 6433
5d2e9fad
JH		 6434 if (scan_rsp_len > 0)
6435 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6436
6437 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6438 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6439
901801b9 6440 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6441}
a88a9652 6442
9cf12aee
MH		 6443void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6444 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6445{
b644ba33
JH		 6446 struct mgmt_ev_device_found *ev;
6447 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6448 u16 eir_len;
a88a9652 6449
b644ba33 6450 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6451
b644ba33
JH		 6452 memset(buf, 0, sizeof(buf));
6453
6454 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6455 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6456 ev->rssi = rssi;
6457
6458 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6459 name_len);
b644ba33 6460
eb55ef07 6461 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6462
9cf12aee 6463 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6464}
314b2381 6465
2f1e063b 6466void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6467{
f963e8e9 6468 struct mgmt_ev_discovering ev;
164a6e78
JH		 6469 struct pending_cmd *cmd;
6470
343fb145
AG		 6471 BT_DBG("%s discovering %u", hdev->name, discovering);
6472
164a6e78 6473 if (discovering)
2e58ef3e 6474 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6475 else
2e58ef3e 6476 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6477
6478 if (cmd != NULL) {
f808e166
JH		 6479 u8 type = hdev->discovery.type;
6480
04124681
GP		 6481 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6482 sizeof(type));
164a6e78
JH		 6483 mgmt_pending_remove(cmd);
6484 }
6485
f963e8e9
JH		 6486 memset(&ev, 0, sizeof(ev));
6487 ev.type = hdev->discovery.type;
6488 ev.discovering = discovering;
6489
2f1e063b 6490 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6491}
5e762444 6492
5976e608
MH		 6493static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6494{
6495 BT_DBG("%s status %u", hdev->name, status);
6496
6497 /* Clear the advertising mgmt setting if we failed to re-enable it */
6498 if (status) {
6499 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6500 new_settings(hdev, NULL);
5976e608
MH		 6501 }
6502}
6503
6504void mgmt_reenable_advertising(struct hci_dev *hdev)
6505{
6506 struct hci_request req;
6507
b145edcd 6508 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6509 return;
6510
6511 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6512 return;
6513
6514 hci_req_init(&req, hdev);
6515 enable_advertising(&req);
6516
6517 /* If this fails we have no option but to let user space know
6518 * that we've disabled advertising.
6519 */
6520 if (hci_req_run(&req, adv_enable_complete) < 0) {
6521 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6522 new_settings(hdev, NULL);
5976e608
MH		 6523 }
6524}
Ubuntu Artful kernel mirror